overview

This week, VMware patched a critical vulnerability impacting ESXi, Workstation, Cloud Foundation, and Fusion. CVE-2022-31705 is a heap-out-of-bounds vulnerability with a CVSS severity rating of 9.3. The vulnerability was found in the USB 2.0 controller (EHCI).  

According to VMware’s advisory, CVE-2022-31705 could allow an attacker with local administrative privileges on a virtual machine to execute code due to the virtual machine’s VMX process running on the host. Although exploitation of ESXi is limited to the VMX, exploitation of Workstation and Fusion may lead to code execution on the machine wherever Workstation or Fusion is installed.  

The following products are impacted by CVE-2022-31705: 

  • ESXi 8.0 (fixed in ESXi 8.0a-20842819) 
  • ESXi 7.0 (fixed in 7.0U3i-20842708) 
  • Fusion 12.x (fixed in 12.2.5) 
  • Workstation 16.x (fixed in 16.2.5) 
  • Cloud Foundation 4.x/3.x (fixed in KB90336) 
  • Please note that VMware Fusion 13.x and Workstation 17.x are not impacted by the vulnerability.

VMware also patched an additional critical vulnerability impacting vRealize Network Insight. CVE-2022-31702 has a CVSS severity score of 9.8 and is a command injection vulnerability in the vRNI REST API. The vulnerability could give threat actors with network access to the vRNI API the ability to execute commands without authentication. There are no workarounds for CVE-2022-31702, so it is highly recommended that you apply the appropriate patch immediately.  

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
  • Avertium offers Vulnerability Management to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap. 
  • Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident like a malware attack.
 

 

Avertium's recommendations    

CVE-2022-31705 

  • Avertium recommends applying the appropriate patch for CVE-2022-31705, which you may find here 
  • If you cannot apply the patch, VMware has a workaround for the vulnerability which involves removing the USB Controller. For ESXi, refer to KB87617, for Fusion 12.x and Workstation 16.x, refer to KB79712. 

CVE-2022-31702 

  • Avertium recommends applying the appropriate patch for CVE-2022-31702, which you may find here 
  • There are no workarounds for this vulnerability.  

CVE-2022-31705 

  • 178[.]33[.]187[.]0/24 

CVE-2022-31702 

  • Currently, there are no known indicators of compromise for this vulnerability. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   
 

 

SUPPORTING DOCUMENTATION

VMSA-2022-0033 (vmware.com) 

VMSA-2022-0031 (vmware.com) 

Steps to remove a USB controller from a VMware ESXi virtual machine (87617)  

VMware fixes critical ESXi and vRealize security flaws (bleepingcomputer.com) 

 

 

 

 

 

Related Resource:  2023 Cybersecurity Landscape: 8 Lessons for Cybersecurity Professionals

Chat With One of Our Experts



VMWare vulnerability Flash Notice VMware Blog