VMware recently published an advisory regarding a critical vulnerability within VMware vRealize Log Insight, also known as VMware Aria Operations for Logs. Read on to learn more about the vulnerability.
Now known as VMware Aria Operations for Logs, the cloud-based log management tool is used to add structure to log data and increase visibility across all cloud environments. It offers dashboards and uses machine learning for quicker troubleshooting.
The first vulnerability VMware addressed is being tracked as CVE-2022-31703 and is described as a directory traversal vulnerability. If exploited, threat actors can inject files into the operating system of impacted appliances, allowing remote code execution (RCE), one of the most concerning types of cyberattacks seen today. RCE allows adversaries to gain access to a user’s data without needing physical access to the network.
The second vulnerability addressed, tracked at CVE-2022-31704, is an access control flaw that also can be abused to allow RCE on vulnerable appliances through the injection of malicious files.
Both vulnerabilities are scored as a 9.8 of 10 on the CVSS v3 scale and allow unauthenticated, low-complexity, remote attacks that do not require user interaction. If successful, these attacks allow cyber criminals to steal data, cause service disruption, deploy ransomware and move laterally to other areas in the network.
VMware stated that the vulnerabilities were addressed and patched in VMware vRealize Log Insight 8.10.2.
As of writing, VMware also stated there are no known attacks in the wild regarding these vulnerabilities.
Nuspire is not affected by the VMware vulnerability.
Organizations that use VMware vRealize Log Insight should immediately patch. If unable to, then at a minimum, the workaround should be applied in accordance with VMware’s guidance:
Patching instructions can be found here.
Guidance for applying the VMware provided workaround can be found here.