Operating System:

[Virtual]

Published:

19 December 2022

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6617
  VMware vRealize Operations (vROps) updates address privilege escalation
              vulnerabilities (CVE-2022-31707, CVE-2022-31708)
                             19 December 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware vRealize Operations (vROps)
Publisher:         VMware
Operating System:  Virtualisation
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-31708 CVE-2022-31707 

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2022-0034.html

Comment: CVSS (Max):  7.2 CVE-2022-31707 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: VMware
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID:
VMSA-2022-0034

CVSSv3 Range:
4.4-7.2

Issue Date:
2022-12-15

Updated On:
2022-12-15 (Initial Advisory)

CVE(s):
CVE-2022-31707, CVE-2022-31708

Synopsis:
VMware vRealize Operations (vROps) updates address privilege escalation 
vulnerabilities (CVE-2022-31707, CVE-2022-31708)

1. Impacted Products
- VMware vRealize Operations (vROps)

2. Introduction
Multiple vulnerabilities in VMware vRealize Operations (vROps) were privately 
reported to VMware. Patches and updates are available to remediate these vulnerabilities 
in affected VMware products.

3a. VMware vRealize Operations (vROps) privilege escalation vulnerability (CVE-2022-31707)
Description
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware 
has evaluated the severity of this issue to be in the Important severity range 
with a maximum CVSSv3 base score of 7.2.

Known Attack Vectors
A malicious actor with administrative privileges in the vROps application can gain 
root access to the underlying operating system.

Resolution
To remediate CVE-2022-31707 apply the fixes listed in the 'Fixed Version' column of 
the 'Response Matrix' below.

Workarounds
None.

Additional Documentation
None.

Notes
None.

Acknowledgements
VMware would like to thank Anonymous working with Trend Micro Zero Day Initiative, and 
thiscodecc of MoyunSec TopBreaker Labs and Bing Liu of MoyunSec for independently 
reporting this issue to us.

3b. VMware vRealize Operations (vROps) contains an access control vulnerability 
(CVE-2022-31708)

Description
vRealize Operations (vROps) contains a broken access control vulnerability. VMware 
has evaluated the severity of this issue to be in the Moderate severity range with 
a maximum CVSSv3 base score of 4.4.

Known Attack Vectors
A malicious actor with admin privileges in the vROps application can read sensitive 
information from the underlying operating system.

Resolution
To remediate CVE-2022-31708 apply the updates listed in the 'Fixed Version' column 
of the 'Response Matrix' below.

Workarounds
None.

Additional Documentation
None.

Notes
None.

Acknowledgements
VMware would like to thank Anonymous working with Trend Micro Zero Day Initiative, and 
thiscodecc of MoyunSec TopBreaker Labs and Bing Liu of MoyunSec for independently 
reporting this issue to us.

Response Matrix
+------------+-----------+--------------+------------------+----------+------------+-----------------+---------------+-----------------+
| Product    | Version   | Running On   | CVE Identifier   | CVSSv3   | Severity   | Fixed Version   |   Workarounds |      Additional |
|            |           |              |                  |          |            |                 |               |   Documentation |
|------------+-----------+--------------+------------------+----------+------------+-----------------+---------------+-----------------|
| VMware     | 8.10      | Any          | CVE-2022-31707,  | 4.4, 7.2 | Important  | 8.10.1          |          None |            None |
| vRealize   |           |              | CVE-2022-31708   |          |            |                 |               |                 |
| Operations |           |              |                  |          |            |                 |               |                 |
| (vROps)    |           |              |                  |          |            |                 |               |                 |
| VMware     | 8.6.x     | Any          | CVE-2022-31707,  | 4.4, 7.2 | Important  | KB90232         |          None |            None |
| vRealize   |           |              | CVE-2022-31708   |          |            |                 |               |                 |
| Operations |           |              |                  |          |            |                 |               |                 |
| (vROps)    |           |              |                  |          |            |                 |               |                 |
+------------+-----------+--------------+------------------+----------+------------+-----------------+---------------+-----------------+

4. References
Fixed Version(s) and Release Notes:
VMware vRealize Operations (vROps) 8.10.1 Release Notes: https://docs.vmware.com/en/vRealize-Operations/8.10.1/rn/vrealize-operations-8101-release-notes/index.html
VMware vRealize Operations (vROps) 8.6.x KB90232: https://kb.vmware.com/s/article/90232

VMware vRealize Operations (vROps) 8.10
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_operations/8_10
https://docs.vmware.com/en/vRealize-Operations/8.10/rn/vrealize-operations-810-release-notes/index.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31708

FIRST CVSSv3 Calculator:
CVE-2022-31707:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31708:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5. Change Log
2022-12-15 VMSA-2022-0034
Initial security advisory.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================