Tech Support
Documentation
Login
Contact Us
VMware patches three vulnerabilities during December Patch Tuesday
December 27, 2022 - TuxCare PR Team
VMware has released patches for a number of vulnerabilities, including a virtual machine escape flaw, CVE-2022-31705, which was exploited during the GeekPwn 2022 hacking challenge, as part of this month’s Patch Tuesday.
VMWare assigned a CVSS severity rating of 9.3/10 to this vulnerability and alerted that a malicious actor with local administrator rights on a virtual machine could exploit it to execute code as the virtual machine’s VMX process running on the host.
The VM escape flaw, documented as CVE-2022-31705, was exploited by Ant Security researcher Yuhao Jiang on systems running fully patched VMware Fusion, ESXi and Workstation products.
“On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed,” VMware said.
Meanwhile, the critical security update with a CVSS score of 7.2 addresses two vulnerabilities (CVE-2022-31700, CVE-2022-31701) in VMware Workspace ONE Access and Identity Manager. CVE-2022-31700 is an authenticated RCE vulnerability with a CVSS score of 7.2, while CVE-2022-31701 is a broken authentication bug with a severity rating of 5.3.
The products affected by the vulnerability includes;
ESXi 8.0 (fixed in ESXi 8.0a-20842819) (fixed in ESXi 8.0a-20842819)
ESXi 7.0 (fixed in 7.0U3i-20842708) (fixed in 7.0U3i-20842708)
Fusion version 12.x (fixed in 12.2.5)
16.x Workstation (fixed in 16.2.5)
4.x/3.x Cloud Foundation (fixed in KB90336)
VMware also resolved a command injection and directory traversal security vulnerability, both tracked as CVE-2022-31702 31702, a critical severity (CVSS v3: 9.8) vulnerability in the vRNI REST API of vRealize Network Insight versions 6.2 to 6.7 that allows command injection. And CVE-2022-31703, a directory traversal flaw with low severity (CVSS v3: 7.5) that allows a threat actor to read arbitrary files from the server.
The sources for this piece include an article in SecurityAffairs.
