VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product.
The vRealize Log Insight by VMware is a virtual appliance that allows administrators to gather and monitor Syslog data, as well as analyze it. CVE-2022-31706 is a directory traversal vulnerability and CVE-2022-31704 is a broken access control vulnerability, both of which can be used to execute remote code.
An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of a vulnerable system.
About the vulnerabilities
An unauthenticated attacker can exploit CVE-2022-31706 or CVE-2022-31704 to inject files into the operating system of a vulnerable device, which can lead to remote code execution. These vulnerabilities are easily exploitable, and they do not require user interaction.
The company also shipped fixes for a separate deserialization vulnerability that exposes vRealize Log Insight users to denial-of-service attacks.
CVE-2022-31710 is a deserialization vulnerability that can be triggered remotely to cause denial of service, and CVE-2022-31711 is an information disclosure flaw that attackers can exploit to remotely collect sensitive session and application information without authentication.
VMware patched the vulnerabilities in vRealize Log Insight version 8.10.2 and issued an advisory to guide users through the upgrade process.
Use SSH to connect as root to each vRealize Log Insight node in your cluster and run the workaround scripts published by VMware.