Multiple vulnerabilities affecting the VMware vRealize Log Insight log analysis tool (now known as VMware Aria Operations for Logs) were disclosed privately to VMware, which in turn has issued updates and workarounds to address them.
There are two critical vulnerabilities with a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10. The vulnerabilities are:
- CVE-2022-31706: A critical directory traversal vulnerability that could allow an unauthenticated malicious actor to perform Remote Code Execution (RCE).
- CVE-2022-31704: A critical broken access control vulnerability that could allow an unauthenticated malicious actor to perform RCE.
The vulnerabilities affect all versions of the VMware vRealize Log Insight tool before v8.10.2. CVE-2022-31706 allows an unauthenticated malicious actor to inject files into the operating system of an impacted appliance, which can result in remote code execution. CVE-2022-31704 likewise allows an unauthenticated malicious actor to inject files into the operating system of an impacted appliance, which can result in remote code execution.
Users and administrators of affected product versions are advised to update to the latest version immediately. For those who deployed this tool in a VMware Cloud Foundation environment (v4.x and v3.x), users and administrators are advised to upgrade their cloud environment to v4.4.1 first, before updating the VMware vRealize Log Insight tool.