By exploiting the vulnerabilities in VMware’s vRealize Log Insight tool, an attacker could seize control of an affected system, the U.S. cybersecurity agency said Wednesday.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging the deployment of patches for vulnerabilities affecting a VMware log management and analytics tool, including two vulnerabilities that have received a “critical” severity rating from VMware.
The two critical vulnerabilities affecting VMware’s vRealize Log Insight tool could be leveraged to enable remote execution of code on a system by an unauthenticated user, the company said. In other words, “a remote attacker could exploit these vulnerabilities to take control of an affected system,” CISA said in its advisory Wednesday.
“CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply the necessary updates,” the agency said.
While both VMware and CISA refer to the affected tool as vRealize Log Insight in their advisories, presumably because that is the more-recognizable name, the tool has actually been renamed and is now officially known as VMware Aria Operations for Logs, according to VMware’s website.
The two VMware vulnerabilities that could enable remote code execution are:
- A “directory traversal” vulnerability (tracked as CVE-2022-31706), through which “an unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” VMware said. The vulnerability has been given a “critical” severity rating with a score of 9.8 out of 10.0.
- A broken access control vulnerability (tracked as CVE-2022-31704), with which “an unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” VMware said. The vulnerability has also been given a “critical” severity rating with a score of 9.8 out of 10.0.
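The directory traversal class named above is the one where a client-supplied file name is allowed to escape the directory the application meant to write into. The following is an added example, not code from VMware, the VMSA advisory or CISA, and it does not describe how the Log Insight flaw itself was triggered; it shows the defensive check a hypothetical file-upload handler should perform before writing anything to disk. The base directory `UPLOAD_ROOT` and the sample names in `classify_inputs` are constructed for illustration.

```python
from pathlib import Path
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed base directory for the hypothetical upload handler; it does not need to exist.
UPLOAD_ROOT = "/tmp/example_uploads"


def resolve_upload_target(base_dir: str, client_path: str) -> Optional[Path]:
    """Return the canonical on-disk path for a client-supplied file name,
    or None if that name would land outside base_dir.

    Order matters: decode first, then canonicalise, then compare. Checking a
    raw string for ".." would miss URL-encoded dots ("%2e%2e") and mixed
    separators, which is how many traversal checks are bypassed.
    """
    base = Path(base_dir).resolve()
    decoded = unquote(client_path)

    # Reject empty names, embedded NUL bytes, and absolute paths outright.
    if not decoded or "\x00" in decoded or decoded.startswith(("/", "\\")):
        return None

    # Treat backslashes as separators too, so "..\\..\\" is caught on POSIX hosts.
    decoded = decoded.replace("\\", "/")

    # resolve() collapses "." and ".." and follows symlinks, giving a canonical path.
    candidate = (base / decoded).resolve()

    # The only acceptable outcome is a path strictly inside the base directory.
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    if candidate == base:
        return None
    return candidate


def classify_inputs(base_dir: str = UPLOAD_ROOT) -> Dict[str, bool]:
    """Run constructed sample names through the check; True means the name is accepted."""
    samples: List[str] = [
        "logs/app.log",                 # ordinary relative name: accepted
        "reports/../logs/app.log",      # still inside base after normalisation: accepted
        "../../etc/cron.d/job",         # classic traversal: rejected
        "..%2f..%2fetc%2fpasswd",       # URL-encoded traversal: rejected after decoding
        "/etc/shadow",                  # absolute path: rejected
        "..\\..\\windows\\win.ini",     # backslash separators: rejected
        "safe.txt\x00.jpg",             # NUL byte truncation trick: rejected
    ]
    return {name: resolve_upload_target(base_dir, name) is not None for name in samples}


if __name__ == "__main__":
    for name, accepted in classify_inputs().items():
        print(f"{'ACCEPT' if accepted else 'REJECT'}  {name!r}")
```

The important design choice is that the decision is made on the resolved path, not on the text the client sent: the check does not try to enumerate bad substrings, it computes where the file would actually end up and asks whether that location is inside the intended directory.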
The two other vRealize Log Insight vulnerabilities disclosed this week by VMware include a deserialization vulnerability (with a severity score of 7.5, considered to be of “important” severity) and an information disclosure vulnerability (with a severity score of 5.3, considered to be of “moderate” severity).
When it comes to the ongoing issue of needing to address vulnerabilities in software, the key for organizations is to get a handle on what the actual business impact could be from any given vulnerability, and then prioritize accordingly, according to Brad Davenport, vice president of technical architecture for cybersecurity, networking and collaboration at Logicalis US, No. 66 on the 2022 CRN Solution Provider 500.
“With so many different solutions in your infrastructure, with so many different software suites, you can’t possibly be expected to be 100% patched all the time,” Davenport told CRN. “It’s a constant prioritization game to determine what ultimately is the business impact, and then to really prioritize those things.”
Being able to prioritize in that way, however, is an area that many businesses struggle with. Many businesses “haven’t yet reached that level of maturity, where they understand what the actual business impact of vulnerabilities are,” he said.
That has prompted many organizations to seek out advisory services for these kinds of scenarios from providers that offer them, such as Logicalis US, Davenport said.
“What we’ve tried to do is push that conversation further outside of the IT decision makers, and talk more often with the business leaders and business owners about risks” from issues such as software vulnerabilities, he said.