- 292/2022
- High
VMware has released security updates to fix multiple vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to execute arbitrary code, obtain information and cause a denial of service attack on the affected products.
Samples of the addressed vulnerabilities:
1- VMware ESXi memory corruption vulnerability (CVE-2022-31696):
- CVSS: 7.5
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2- VMware vCenter Server information disclosure vulnerability (CVE-2022-31697):
- CVSS: 6.2
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Affected Products:
- VMware ESXi
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Vulnerabilities
- CVE-2022-31696
- CVE-2022-31697
- CVE-2022-31698
- CVE-2022-31699
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.