- 227/2022
- High
VMware has released a security advisory to address several vulnerabilities which affect multiple VMware products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
The addressed vulnerabilities could allow the attackers to perform several attacks, like executing arbitrary code on the underlying operating system that hosts the vCenter Server due to unsafe deserialization in the PSC (Platform services controller). In addition, these vulnerabilities could allow the attackers to cause a denial of service condition on the host of ESXi due to a NULL pointer deference flaw in the VMX process.
Sample of the addressed vulnerabilities:
VMware Tools Local Privilege Escalation Vulnerability (CVE-2022-31680):
• CVSS: 7.2
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: High
• User Interaction: None
• Consequences: Gain Access
The Affected Products:
• VMware ESXi
• VMware vCenter Server (vCenter Server)
• VMware Cloud Foundation (Cloud Foundation)
Vulnerabilities
• CVE-2022-31680
• CVE-2022-31681
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.