vRealize Log Insight software vulnerabilities are patched by VMware
On Tuesday, VMware released software to remediate four security vulnerabilities affecting vRealize Log Insight (also known as Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are very severe, each rated 9.8 out of 10, the company noted in its first security bulletin for 2023.
The two flaws, tracked as CVE-2022-31706 and CVE-2022-31704, are directory traversal and broken access control issues that a threat actor could exploit to achieve remote code execution, regardless of the difference in attack pathway.
Of the two flaws, the company said, “An unauthenticated, malicious actor can execute remote code through the operating system of an affected appliance.” The third is a denial-of-service (DoS) vulnerability (CVE-2022-31710, CVSS score: 7.5) that unauthenticated attackers could exploit. The fourth vulnerability in vRealize Log Insight (CVE-2022-31711, CVSS score: 5.3) allows unauthorized access to sensitive session and application data.
Horizon3’s Attack Team says it has created an exploit that chains three of the four flaws VMware patched to execute code remotely as root. All of the vulnerabilities are exploitable by default on VMware vRealize Log Insight appliances. The exploit can be used to gain initial access to an enterprise’s network (through Internet-exposed devices) and for lateral movement using stored credentials.
One day later, the security researcher published a blog post with additional details, including a list of indicators of compromise (IOCs) that defenders can use to find signs of exploitation within their networks. By abusing access to Log Insight logs, attackers can obtain API keys and session tokens that allow them to further compromise the environment and other systems.
Although this vulnerability is simple to exploit, the attacker needs some infrastructure set up to serve malicious payloads, per the researcher. In addition, because the product is likely to be kept off the internet, the attacker has probably already established a foothold elsewhere on the network.
The vulnerability allows remote code execution as root, essentially giving an attacker complete control over the system. According to the researcher, only 45 instances were publicly exposed online.
Since VMware vRealize Log Insight appliances are designed to be accessed inside an organization’s network, this is to be expected. However, threat actors frequently exploit vulnerabilities in already-breached networks to spread laterally to other devices, which makes these appliances valuable internal targets.
Previously, in May 2022, another critical authentication bypass vulnerability, CVE-2022-22972, affected various VMware products and allowed threat actors to gain admin privileges.
Get ESOF VMDR to patch the Log Insight vulnerabilities.
ESOF is a next-gen vulnerability management platform that detects and mitigates vulnerabilities across your entire IT stack. ESOF VMDR is designed to protect against malicious cyberattacks. It also automatically prioritizes and continuously monitors all vulnerabilities as soon as the user installs it on their system.
- With its Threat intelligence feature, it can determine which assets are vulnerable.
- This assists with the vector string and attack vector of the cyber attack.
- The cyber risk score enhances the organization’s communication. As a result, it reduces cyber risk with a cyber score and gives business owners a sense of how secure their organization is.
- Rapidly reduce critical vulnerabilities through auto-prioritization and auto-remediation.
- Protect all the real-time files in your organization’s complete IT stack.
- With scheduled scanning, you can find zero-day vulnerabilities by architecture type, such as Web, Mobile, SCR, and Infra.
- ESOF VMDR helps find the system’s hidden vulnerabilities and segregates the ones considered high risk.
TAC Security uses machine learning to report these vulnerabilities for the upcoming month. Each architecture type’s vulnerability specifics are calculated from your most recent scan results.
The new ESOF Prediction Feature predicts the number of vulnerabilities in an asset by providing a cyber risk score for the coming month. The Prediction feature does the following:
- Predicts monthly vulnerabilities
- Predicts Cyber Risk Score
- Predicts the vulnerabilities that may arise in the upcoming month
- Top 5 vulnerabilities
Rather than fearing or ignoring cyber attacks, ensure your cyber resilience to them.
Download the ESOF VMDR datasheet for more information.