VMware has released fixes for vRealize Log Insight vulnerabilities that could allow attackers to achieve remote code execution on unpatched appliances.
vRealize Log Insight (VMware Aria Operations for Logs) is a tool for analyzing and managing infrastructure and application logs in VMware environments.
The first critical flaw, CVE-2022-31703, is a directory traversal vulnerability that an attacker can use to inject files into the operating system of an affected appliance and achieve remote code execution.
The second, CVE-2022-31704, is a broken access control vulnerability that can likewise be abused for remote code execution on vulnerable appliances by injecting malicious files.
Both vulnerabilities carry a CVSS score of 9.8/10 and can be exploited by unauthenticated attackers in low-complexity attacks that require no user interaction.
VMware has also patched a deserialization vulnerability (CVE-2022-31710) that can be exploited to trigger a denial-of-service condition, as well as an information disclosure flaw (CVE-2022-31711) that can be used to access sensitive session and application information.
The bugs are fixed in VMware vRealize Log Insight 8.10.2. VMware did not flag any of them as exploited in the wild.
In addition, VMware published detailed instructions for upgrading to the latest version of vRealize Log Insight (here) and shared a temporary workaround for administrators who cannot upgrade immediately.
To apply it, run the script provided by VMware (here) as root over SSH on each vRealize Log Insight node in the cluster, then confirm that the workaround was applied successfully by logging into every node and checking for the message that confirms its installation.
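The workaround is per node, so on a cluster it is easy to miss one. The following wrapper is an added example, not VMware's script or KB article: it walks a list of nodes, skips any already running 8.10.2 or later, pushes and runs the workaround script as root over SSH on the rest, and fails loudly if the confirmation message does not appear. Everything beyond the fixed version number is an assumption: the local filename `vmsa-workaround.sh`, the success text "Workaround applied", root key-based SSH to every node, and that `GET /api/v1/version` on a node returns JSON with a `version` field.

```shell
#!/usr/bin/env bash
# Added example (not VMware's workaround script or KB): apply VMware's
# workaround on every Log Insight node and verify each run.
# Assumptions, none of which come from the advisory text:
#   - WORKAROUND_SCRIPT is the script VMware published, already downloaded locally
#   - it prints SUCCESS_MARKER when the workaround has been applied
#   - root SSH with key-based auth reaches every node
#   - GET /api/v1/version on a node returns JSON with a "version" field
set -e

FIXED_VERSION="8.10.2"                                        # from the advisory
WORKAROUND_SCRIPT=${WORKAROUND_SCRIPT:-./vmsa-workaround.sh}  # hypothetical filename
SUCCESS_MARKER=${SUCCESS_MARKER:-"Workaround applied"}        # hypothetical message
REMOTE_PATH=/root/vmsa-workaround.sh                          # hypothetical drop location

# version_lt A B: exit 0 when A is strictly lower than B (dot-separated numbers).
# Build suffixes such as "8.10.1-21145187" are ignored. Pure POSIX shell so it
# behaves the same on the appliance and on the operator's workstation.
version_lt() {
    _a=${1%%-*} _b=${2%%-*}
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*} _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a='' ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b='' ;; esac
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
    done
    return 1
}

# node_version HOST: version string reported by the node's REST API (assumed endpoint).
node_version() {
    curl -fsSk "https://$1/api/v1/version" \
        | sed -n 's/.*"version"[^"]*"\([^"]*\)".*/\1/p'
}

# workaround_ok OUTPUT: exit 0 when the script's output carries the success marker.
workaround_ok() {
    printf '%s\n' "$1" | grep -Fq -- "$SUCCESS_MARKER"
}

# remediate_node HOST: skip nodes already on the fixed release, otherwise push
# and run the script as root and insist on the confirmation message.
remediate_node() {
    host=$1
    ver=$(node_version "$host")
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        echo "$host: $ver already contains the fix, skipping"
        return 0
    fi
    scp -q "$WORKAROUND_SCRIPT" "root@$host:$REMOTE_PATH"
    out=$(ssh "root@$host" "chmod 700 $REMOTE_PATH && $REMOTE_PATH")
    if workaround_ok "$out"; then
        echo "$host: workaround applied (was $ver)"
    else
        echo "$host: workaround NOT confirmed, script output follows:" >&2
        printf '%s\n' "$out" >&2
        return 1
    fi
}

# Usage: ./remediate.sh node1.example.com node2.example.com ...
# With no arguments only the functions above are defined. The final test
# makes the script's exit status non-zero if any node was not confirmed.
rc=0
for node in "$@"; do
    remediate_node "$node" || rc=1
done
[ "$rc" -eq 0 ]
```

Run it once per cluster with every node's hostname; a node that reports a version below 8.10.2 and does not print the confirmation message makes the whole run exit non-zero, which is the signal to log in and inspect that node by hand rather than assume the cluster is covered.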