VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote code execution on unpatched appliances.
vRealize Log Insight (now known as VMware Aria Operations for Logs) is a log analysis and management tool that helps analyze terabytes of infrastructure and application logs in VMware environments.
The first critical bug patched today is tracked as CVE-2022-31703 and is described as a directory traversal vulnerability that malicious actors can exploit to inject files into the operating system of impacted appliances to achieve remote code execution.
The second one (tracked as CVE-2022-31704) is a broken access control flaw that can also be abused to gain remote code execution on vulnerable appliances by injecting maliciously crafted files.
Both vulnerabilities are tagged as critical severity with CVSS base scores of 9.8/10 and can be exploited by unauthenticated threat actors in low-complexity attacks that don’t require user interaction.
Today, VMware also addressed a deserialization vulnerability (CVE-2022-31710) that can be used to trigger a denial-of-service state and an information disclosure bug (CVE-2022-31711) exploitable to access sensitive session and application info.
The company said the vulnerabilities were addressed with VMware vRealize Log Insight 8.10.2. None of the security bugs addressed today were tagged as being exploited in the wild.
Workaround also available
VMware provides detailed instructions on upgrading to the latest version of vRealize Log Insight here.
The company also shared a temporary fix for admins who cannot immediately deploy today’s security updates in their environments.
To apply the workaround, log into each vRealize Log Insight node in your cluster as root via SSH and execute a script (provided by VMware here).
Admins are also advised to validate the workaround by logging into each node where the workaround script was executed.
If the workaround was applied correctly, you should get a message saying that the “workaround for VMSA-2023-0001 has been successfully implemented.”
Last month, VMware also patched a critical heap out-of-bounds write flaw in the EHCI controller (CVE-2022-31705), which impacts ESXi, Workstation, and Fusion and can lead to code execution, as well as a command injection vulnerability (CVE-2022-31702) that enables command execution without authentication via the vRNI REST API.