VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities, including two critical RCEs
VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities reported privately by the Zero Day Initiative (ZDI). Two of these vulnerabilities are rated as critical.
The issues have been fixed in vRealize Log Insight 8.10.2, so users should upgrade to the latest version. For administrators who are unable or unwilling to apply the update, there are workaround instructions available for the two critical vulnerabilities.
vRealize
VMware’s vRealize Log Insight—which was recently renamed to VMware Aria Operations for Logs—is a log collection and analytics appliance that enables administrators to monitor application logs, network traces, configuration files, messages and performance data. It helps them to troubleshoot private, hybrid, and multi-cloud environments, as well as perform security auditing and compliance testing. This is accomplished by placing an agent on each monitored device that collects analytics data on performance, state and logs.
Vulnerabilities
The first critical vulnerability is CVE-2022-31706, a directory traversal vulnerability with a CVSS score of 9.8 out of 10. Directory or path traversal flaws allow attackers to read, and possibly write to, restricted files by inputting path traversal sequences like ../ into file or directory paths. In this case, an unauthenticated, malicious actor can inject files into the operating system of an impacted appliance, which can result in remote code execution.
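To illustrate the general flaw class described above, the following added example (not VMware's code and not taken from the advisory) contrasts an unchecked path join with a containment check that a file-writing service can apply before accepting a client-supplied name. The function names, the upload directory and the sample names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_target(base_dir: str, name: str) -> str:
    """Flawed pattern: joins the untrusted name without checking the result."""
    return os.path.normpath(os.path.join(base_dir, name))


def safe_target(base_dir: str, name: str) -> Path:
    """Return the resolved write path, or raise ValueError if it leaves base_dir."""
    base = Path(base_dir).resolve()
    # resolve() collapses ../ sequences and follows symlinks before the check.
    candidate = (base / name).resolve()
    # is_relative_to compares whole path components, so a sibling such as
    # uploads_evil is not mistaken for uploads (a plain startswith() would be).
    if candidate == base or not candidate.is_relative_to(base):
        raise ValueError(f"rejected path outside upload directory: {name!r}")
    return candidate


def check_names(base_dir: str, names: list[str]) -> dict[str, bool]:
    """Map each name to True (accepted) or False (rejected)."""
    results = {}
    for name in names:
        try:
            safe_target(base_dir, name)
            results[name] = True
        except ValueError:
            results[name] = False
    return results


# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["report.log", "sub/report.log", "../../etc/app.conf",
           "/etc/app.conf", "../uploads_evil/x", "sub/../../escape"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        # The naive join silently lands outside the upload directory.
        print("naive:", naive_target(uploads, "../../etc/app.conf"))
        for name, ok in check_names(uploads, SAMPLES).items():
            print(f"{'accept' if ok else 'reject'}  {name}")
```

The check runs on the fully resolved path, so it rejects relative `../` sequences, absolute paths that replace the base, and sibling directories that merely share a name prefix.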
The other critical vulnerability is CVE-2022-31704, a broken access control vulnerability which also has a CVSS score of 9.8. It allows an unauthenticated, malicious actor to inject files into the operating system of an impacted appliance, which can result in remote code execution. Access control is intended to enforce policies that make sure users cannot act outside of their intended permissions.
The other two vulnerabilities are less critical, but they can result in a denial of service or information disclosure in the hands of an attacker.
Urgency
None of the vulnerabilities are known to be exploited in the wild, but VMware solutions are an attractive target for threat actors. And since both critical vulnerabilities offer unauthenticated threat actors an opportunity for remote code execution, it’s recommended to apply the patches at your earliest convenience or use the workaround while waiting for a suitable moment.
Earlier this month, VMware addressed multiple vulnerabilities in VMware vRealize Network Insight (vRNI). One of these vulnerabilities, listed as CVE-2022-31702, also had a CVSS score of 9.8. It allowed a malicious actor with network access to the vRNI REST API to execute commands without authentication.