CNCS - Alert Detail

15 Dez 2022

Vulnerability Alert - VMWare

TYPE

Vulnerabilities

SYSTEMS AFFECTED

VMware vRealize Network Insight, VMware ESXi, Workstation, and Fusion

ECOSYSTEM

VMWare

Description

VMWare published two security advisories that addresses three vulnerabilities that affect VMWare products.
Two of the vulnerabilities affect the product VMware vRealize Network Insight (vRNI) - one of them is critical (CVE-2022-31702) and the other one is classified as important severity (CVE-2022-31703).
The other vulnerability is critical as well (CVE-2022-31705) and it affects VMware ESXi, Workstation and Fusion.

Impact

Among other consequences, it allows a malicious unauthenticated actor to execute arbitrary code.

Resolution

It is recommended to upgrade the products:
- VMware vRealize Network Insight (vRNI) versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 e 6.7 (or latest);
- VMware Workstation Pro / Player (Workstation) version 16.2.5 (or latest);
- VMware Fusion Pro / Fusion (Fusion) version 12.2.5 (or latest);
- VMware ESXi versions 7.0 Update 3i / 8.0a (or latest).

References

[1] https://www.vmware.com/security/advisories/VMSA-2022-0031.html

[2] https://www.vmware.com/security/advisories/VMSA-2022-0033.html

Citizen

Public Administration

Organizations

IT Professionals

Vulnerability Alert - VMWare

Vulnerability Alert - VMWare