Vulnerabilities in VMware Product

Published on 15 Dec 2022

Updated on 15 Dec 2022

VMware has released security updates to address several vulnerabilities in VMware vRealize Network Insight (vRNI), one of which is critical.

The vulnerabilities are:

  • CVE-2022-31702: Improper input validation within the vRNI REST API. A remote unauthenticated attacker can pass specially crafted data to the affected REST API endpoint and execute arbitrary commands on the system.
  • CVE-2022-31703: Input validation error when processing directory traversal sequences within the vRNI REST API. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

The following versions are affected by these vulnerabilities:

  • VMware vRealize Network Insight (vRNI) 6.2, 6.3, 6.4, 6.5.x, 6.6, 6.7

Users and administrators of the affected versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.vmware.com/security/advisories/VMSA-2022-0031.html

https://www.cybersecurity-help.cz/vdb/SB2022121329