===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6617
   VMware vRealize Operations (vROps) updates address privilege escalation
           vulnerabilities (CVE-2022-31707, CVE-2022-31708)
                             19 December 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware vRealize Operations (vROps)
Publisher:         VMware
Operating System:  Virtualisation
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-31708 CVE-2022-31707

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2022-0034.html

Comment: CVSS (Max):  7.2 CVE-2022-31707 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: VMware
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID:   VMSA-2022-0034
CVSSv3 Range:  4.4-7.2
Issue Date:    2022-12-15
Updated On:    2022-12-15 (Initial Advisory)
CVE(s):        CVE-2022-31707, CVE-2022-31708
Synopsis:      VMware vRealize Operations (vROps) updates address privilege
               escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708)

1. Impacted Products

  - VMware vRealize Operations (vROps)

2. Introduction

Multiple vulnerabilities in VMware vRealize Operations (vROps) were privately
reported to VMware. Patches and updates are available to remediate these
vulnerabilities in affected VMware products.

3a. VMware vRealize Operations (vROps) privilege escalation vulnerability
(CVE-2022-31707)

Description

vRealize Operations (vROps) contains a privilege escalation vulnerability.
VMware has evaluated the severity of this issue to be in the Important
severity range with a maximum CVSSv3 base score of 7.2.

Known Attack Vectors

A malicious actor with administrative privileges in the vROps application can
gain root access to the underlying operating system.

Resolution

To remediate CVE-2022-31707 apply the fixes listed in the 'Fixed Version'
column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Anonymous working with Trend Micro Zero Day
Initiative, and this codecc of MoyunSec TopBreaker Labs and Bing Liu of
MoyunSec for independently reporting this issue to us.

3b. VMware vRealize Operations (vROps) contains an access control
vulnerability (CVE-2022-31708)

Description

vRealize Operations (vROps) contains a broken access control vulnerability.
VMware has evaluated the severity of this issue to be in the Moderate severity
range with a maximum CVSSv3 base score of 4.4.

Known Attack Vectors

A malicious actor with admin privileges in the vROps application can read
sensitive information from the underlying operating system.

Resolution

To remediate CVE-2022-31708 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Anonymous working with Trend Micro Zero Day
Initiative, and this codecc of MoyunSec TopBreaker Labs and Bing Liu of
MoyunSec for independently reporting this issue to us.

Response Matrix

+--------------------+---------+------------+-----------------+----------+-----------+---------------+-------------+---------------+
| Product            | Version | Running On | CVE Identifier  | CVSSv3   | Severity  | Fixed Version | Workarounds | Additional    |
|                    |         |            |                 |          |           |               |             | Documentation |
|--------------------+---------+------------+-----------------+----------+-----------+---------------+-------------+---------------|
| VMware vRealize    | 8.10    | Any        | CVE-2022-31707, | 4.4, 7.2 | Important | 8.10.1        | None        | None          |
| Operations (vROps) |         |            | CVE-2022-31708  |          |           |               |             |               |
|--------------------+---------+------------+-----------------+----------+-----------+---------------+-------------+---------------|
| VMware vRealize    | 8.6.x   | Any        | CVE-2022-31707, | 4.4, 7.2 | Important | KB90232       | None        | None          |
| Operations (vROps) |         |            | CVE-2022-31708  |          |           |               |             |               |
+--------------------+---------+------------+-----------------+----------+-----------+---------------+-------------+---------------+

4. References

Fixed Version(s) and Release Notes:

VMware vRealize Operations (vROps) 8.10.1
Release Notes:
https://docs.vmware.com/en/vRealize-Operations/8.10.1/rn/vrealize-operations-8101-release-notes/index.html

VMware vRealize Operations (vROps) 8.6.x
KB90232:
https://kb.vmware.com/s/article/90232

VMware vRealize Operations (vROps) 8.10
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_operations/8_10
https://docs.vmware.com/en/vRealize-Operations/8.10/rn/vrealize-operations-810-release-notes/index.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31708

FIRST CVSSv3 Calculator:
CVE-2022-31707:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31708:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5. Change Log

2022-12-15 VMSA-2022-0034
Initial security advisory.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================