
=====================================================================

                                 CERT-Renater

                      Information Note No. 2022/VULN359

_____________________________________________________________________

DATE                : 07/10/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware ESXi versions prior to
      ESXi70U3sf-20036586, ESXi670-202210101-SG, ESXi650-202210101-SG,
      VMware vCenter Server (vCenter Server) versions prior to 6.5 U3u,
      VMware Cloud Foundation (Cloud Foundation) versions prior to
      KB88695, KB89692.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2022-0025.html
_____________________________________________________________________

VMSA-2022-0025
Important


Advisory ID:     VMSA-2022-0025
CVSSv3 Range:    3.8-7.2
Issue Date:      2022-10-06
Updated On:      2022-10-06 (Initial Advisory)
CVE(s):          CVE-2022-31680, CVE-2022-31681


Synopsis:
VMware ESXi and vCenter Server updates address multiple security
vulnerabilities (CVE-2022-31680, CVE-2022-31681)


1. Impacted Products

VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)


2. Introduction
Multiple vulnerabilities in VMware ESXi and vCenter Server were
privately reported to VMware. Updates are available to remediate
these vulnerabilities in affected VMware products.



3a. VMware vCenter Server platform services controller unsafe
deserialization vulnerability (CVE-2022-31680)


Description

The vCenter Server contains an unsafe deserialization
vulnerability in the PSC (Platform Services Controller).
VMware has evaluated the severity of this issue to be
in the Important severity range with a maximum CVSSv3
base score of 7.2.


Known Attack Vectors

A malicious actor with admin access on vCenter Server
may exploit this issue to execute arbitrary code on
the underlying operating system that hosts the vCenter
Server.


Resolution

To remediate CVE-2022-31680 apply the patches listed in
the 'Fixed Version' column of the 'Response Matrix'
found below.


Workarounds

None.


Additional Documentation

None.

Notes

This issue impacts only vCenter Server 6.5 with an
external PSC.


Acknowledgements

VMware would like to thank Marcin "Icewall" Noga of Cisco
Talos for reporting this vulnerability to us.


Response Matrix

Product         Version  Running On  CVE Identifier  CVSSv3  Severity   Fixed Version  Workarounds  Additional Documentation
vCenter Server  7.0      Any         CVE-2022-31680  N/A     N/A        Not impacted   N/A          N/A
vCenter Server  6.7      Any         CVE-2022-31680  N/A     N/A        Not impacted   N/A          N/A
vCenter Server  6.5      Any         CVE-2022-31680  7.2     Important  6.5 U3u        None         None


3b. VMware ESXi null-pointer dereference vulnerability
(CVE-2022-31681)

Description

VMware ESXi contains a null-pointer dereference vulnerability.
VMware has evaluated the severity of this issue to be in
the Low severity range with a maximum CVSSv3 base score
of 3.8.

Known Attack Vectors

A malicious actor with privileges within the VMX process
only may create a denial of service condition on the host.


Resolution

To remediate CVE-2022-31681 apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.


Workarounds

None.


Additional Documentation

None.


Notes

None.


Acknowledgements

VMware would like to thank VictorV (Tangtianwen) of Cyber
Kunlun Lab for reporting this vulnerability to us.


Response Matrix

Product  Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version         Workarounds  Additional Documentation
ESXi     7.0      Any         CVE-2022-31681  3.8     Low       ESXi70U3sf-20036586   None         None
ESXi     6.7      Any         CVE-2022-31681  3.8     Low       ESXi670-202210101-SG  None         None
ESXi     6.5      Any         CVE-2022-31681  3.8     Low       ESXi650-202210101-SG  None         None


Impacted Product Suites that Deploy Response Matrix 3b Components:

Product                  Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
Cloud Foundation (ESXi)  4.x      Any         CVE-2022-31681  3.8     Low       KB88695        None         None
Cloud Foundation (ESXi)  3.x      Any         CVE-2022-31681  3.8     Low       KB89692        None         None


4. References

Fixed Version(s) and Release Notes:

vCenter Server 6.5 U3u
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=VC65U3U&productId=614&rPId=74057
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3u-release-notes.html

VMware ESXi 7.0 ESXi70U3sf-20036586
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3f-release-notes.html

VMware ESXi 6.7 ESXi670-202210101-SG
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202210001.html

VMware ESXi 6.5 ESXi650-202210101-SG
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202210001.html

KB Articles:
VCF 4.x: https://kb.vmware.com/s/article/88695
VCF 3.x: https://kb.vmware.com/s/article/89692

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31681

FIRST CVSSv3 Calculator:
CVE-2022-31680: 
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31681: 
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L


5. Change Log

2022-10-06 VMSA-2022-0025
Initial security advisory.


6. Contact
E-mail list for product security notifications and
announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce



This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org


E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055


VMware Security Advisories
https://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html


VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog
https://blogs.vmware.com/security


Twitter
https://twitter.com/VMwareSRC



Copyright 2022 VMware Inc. All rights reserved.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


