Security Alert (A22-12-10): Multiple Vulnerabilities in VMware Products


 

Published on: 14 December 2022

  
  

Description:

VMware has published security advisories to address multiple vulnerabilities in VMware products. The list of the security updates can be found at:
https://www.vmware.com/security/advisories/VMSA-2022-0031.html
https://www.vmware.com/security/advisories/VMSA-2022-0032.html
https://www.vmware.com/security/advisories/VMSA-2022-0033.html

 

Affected Systems:

  • VMware ESXi
  • VMware Cloud Foundation
  • VMware Fusion
  • VMware Identity Manager
  • VMware vRealize Network Insight
  • VMware Workspace ONE Access
  • VMware Workstation

 

Impact:

Depending on the vulnerability being exploited, a successful exploitation could lead to remote code execution, arbitrary command injection, information disclosure or security restriction bypass on the affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2022-0031.html
  • https://www.vmware.com/security/advisories/VMSA-2022-0033.html
  • https://www.vmware.com/security/advisories/VMSA-2022-0032.html
  • https://www.hkcert.org/security-bulletin/vmware-products-multiple-vulnerabilities_20221214
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/vmware-releases-security-updates-multiple-products
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31700 (to CVE-2022-31703)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31705


Tag: VMware , ESXi , VMware Cloud Foundation , VMware Fusion , VMware Identity Manager , VMware vRealize Network Insight , VMware Workspace One Access , VMware Workstation
Tags