VMware: Critical vulnerabilities closed
Malicious code could enter host systems via loopholes in VMware applications – vmware vulnerability closed. Current security patches should be installed as a matter of urgency.
VMware has classified the vulnerability CVE-2022-31702 in vRealize Network Insight (vRNI) as “Critical”. According to a corresponding alert, attackers with network access to the vRNI REST API could use their own commands without perform authentication. In this context, exploiting another vulnerability (CVE-2022-31703) could allow attackers to access servers. The vRNI versions 6.2 HF, 6.3 HF, 6.4 HF, 6.5.x HF, 6.6 HF and 6.7 HF are protected against such attacks.
Another critical vulnerability (CVE-2022-31705) also threatens VMware Cloud Foundation, ESXi, Fusion and Workspace/Player – vmware vulnerability closed. In some cases, attackers with local admin rights could even execute malicious code on host systems. A corresponding vulnerabilities message lists the versions secured against this. Learn more.