Advisory for VMware Security Update

  • NIC-CERT/2022-12/511
  • Date: 2022-12-14
  • CVE ID: Multiple
  • Severity: Critical

Description:

A vulnerability has been found in VMware products that an attacker can exploit to take control of the affected system.

Security Issues Fixed:

  • A heap out-of-bounds write vulnerability in VMware ESXi, Workstation, and Fusion was privately reported to VMware. Updates and workarounds are available to remediate this vulnerability in affected VMware products.
  • Multiple vulnerabilities were privately reported to VMware. Updates are available to address these vulnerabilities in affected VMware products.
  • Multiple vulnerabilities in VMware vRealize Network Insight (vRNI) were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products.

Affected Products and Solution:

| Product | Version | Running On | CVE Identifier | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|
| ESXi | 8.0 | Any | CVE-2022-31705 | ESXi80a-20842819 | KB87617 | None |
| ESXi | 7.0 | Any | CVE-2022-31705 | ESXi70U3si-20841705 | KB87617 | None |
| Fusion | 13.x | OS X | CVE-2022-31705 | Unaffected | N/A | N/A |
| Fusion | 12.x | OS X | CVE-2022-31705 | 12.2.5 | KB79712 | None |
| Workstation | 17.x | Any | CVE-2022-31705 | Unaffected | N/A | N/A |
| Workstation | 16.x | Any | CVE-2022-31705 | 16.2.5 | KB79712 | None |
| Access | 22.09.0.0 | Linux | CVE-2022-31700 | Unaffected | N/A | N/A |
| Access | 22.09.0.0 | Linux | CVE-2022-31701 | 22.09.1.0 | None | None |
| Access | 21.08.0.1, 21.08.0.0 | Linux | CVE-2022-31700 | KB90399 | None | None |
| Access | 21.08.0.1, 21.08.0.0 | Linux | CVE-2022-31701 | KB90399 | None | None |
| Access Connector | All | Windows | CVE-2022-31700, CVE-2022-31701 | Unaffected | N/A | N/A |
| vIDM | 3.3.6 | Linux | CVE-2022-31700 | KB90399 | None | None |
| vIDM | 3.3.6 | Linux | CVE-2022-31701 | KB90399 | None | None |
| vIDM Connector | All | Windows | CVE-2022-31700, CVE-2022-31701 | Unaffected | N/A | N/A |
| VMware Cloud Foundation (vIDM) | Any | Any | CVE-2022-31700, CVE-2022-31701 | KB90384 | N/A | N/A |
| VMware vRealize Network Insight (vRNI) | 6.8.0 | Any | CVE-2022-31702, CVE-2022-31703 | Unaffected | NA | NA |
| VMware vRealize Network Insight (vRNI) | 6.7 | Any | CVE-2022-31702, CVE-2022-31703 | 6.7 HF | None | NA |
| VMware vRealize Network Insight (vRNI) | 6.6 | Any | CVE-2022-31702, CVE-2022-31703 | 6.6 HF | None | NA |
| VMware vRealize Network Insight (vRNI) | 6.5.x | Any | CVE-2022-31702, CVE-2022-31703 | 6.5.x HF | None | NA |
| VMware vRealize Network Insight (vRNI) | 6.4 | Any | CVE-2022-31702, CVE-2022-31703 | 6.4 HF | None | NA |
| VMware vRealize Network Insight (vRNI) | 6.3 | Any | CVE-2022-31702, CVE-2022-31703 | 6.3 HF | None | NA |
| VMware vRealize Network Insight (vRNI) | 6.2 | Any | CVE-2022-31702, CVE-2022-31703 | 6.2 HF | None | NA |

References:

https://www.vmware.com/security/advisories.html