CVE-2022-31706

Name of the Vulnerable Software and Affected Versions vRealize Log Insight (affected versions not specified)

Description The vRealize Log Insight contains a Directory Traversal Vulnerability, allowing an unauthenticated, malicious actor to inject files into the operating system of an impacted appliance, resulting in remote code execution. Researchers from Horizon3 Attack Team have announced the release of an RCE exploit targeting a chain of vulnerabilities on unpatched VMware vRealize Log Insight devices. The exploit can be used to gain initial access to organization networks and for lateral movement with saved credentials. Attackers can obtain confidential information from logs on Log Insight nodes, including API keys and session tokens, which can help compromise additional systems and further compromise the environment. It is estimated that only a few instances of VMware vRealize Log Insight are exposed on the global network, with a total of 45 according to the Shodan metric.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.