VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)

VMware has released a security advisory (VMSA-2022-0022) addressing multiple vulnerabilities in VMware vRealize Operations. The vulnerabilities vary from an authentication bypass (CVE-2022-31675), and privilege escalation (CVE-2022-31672) to information disclosure (CVE-2022-31673, CVE-2022-316734). These vulnerabilities have been discovered by Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute.
  
VMware vRealize Operations enable self-driving IT Operations Management across private, hybrid, and multi-cloud environments. This comes with a unified operations platform that delivers continuous performance, capacity and cost optimization, intelligent remediation, and integrated compliance through AI/ML and predictive analytics. 
 
Privilege Escalation Vulnerability (CVE-2022-31672) 
A malicious actor with administrative network access can escalate privileges to root by exploiting the vulnerability. VMware has rated this vulnerability as Important and given a CVSSv3 base score of 7.2. 
 
Information Disclosure Vulnerability (CVE-2022-31673) 
By exploiting this vulnerability, a low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to remote code execution. VMware has rated this vulnerability as Moderate and given a CVSSv3 base score of 6.5. 
 
Information Disclosure Vulnerability (CVE-2022-31674) 
By exploiting this vulnerability, a low-privileged malicious actor with network access can access log files that lead to information disclosure. VMware has rated this vulnerability as Moderate and given a CVSSv3 base score of 6.5. 
 
Authentication Bypass Vulnerability (CVE-2022-31675) 
By exploiting this vulnerability, an unauthenticated malicious actor with network access may be able to create a user with administrative privileges. VMware has rated this vulnerability as Moderate and given a CVSSv3 base score of 6.5. 
 
Affected versions  
VMware vRealize Operations Manager v8.x older than 8.6.4 are affected by these vulnerabilities. 
 
Mitigation 
VMware has released patches for these vulnerabilities. Customers can refer to the VMware Security Advisory (VMSA-2022-0022) to know more about mitigation and workaround.  
 
Qualys Detection  
Qualys customers can scan their devices with QID 730592 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.  
  
References
https://www.vmware.com/security/advisories/VMSA-2022-0022.html

Leave a Reply

Your email address will not be published.