DATE(S) ISSUED:

08/09/2022

OVERVIEW:

Multiple vulnerabilities have been discovered in VMware vRealize Operations, the most severe of which could result in Remote Code Execution. VMware vRealize Operations is an IT management platform which enables visibility, optimization and management of an organization’s physical, virtual and cloud infrastructure. This software comes with an API which enables developers to build vRealize Operations clients to communicate with the server over HTTP. Successful exploitation of the most severe of these vulnerabilities could allow the attacker to execute code in the context of the application. Depending on the permissions associated with the application running the exploit, an attacker could then install programs; view, change, or delete data

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

RISK:

Government:

Large and medium government entities: HIGH

Small government: MEDIUM

Businesses:

Large and medium business entities: HIGH

Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in VMware vRealize Operations, the most severe of which could result in Remote Code Execution. Details of these vulnerabilities are as follows:
Tactic: Privilege Escalation (TA0029), Execution (TA0002):
Technique: Exploitation for Privilege Escalation (T1404), Exploitation for Client Execution (T1203):

RECOMMENDATIONS:

We recommend the following actions be taken:

REFERENCES:

CVE

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31672

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31673

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31674

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31675

VMware

https://www.vmware.com/security/advisories/VMSA-2022-0022.html
