CVE-2022-31680

Опубликовано: 07 окт. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

Ссылки

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587
Exploit
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2022-0025.html
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587
Exploit
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2022-0025.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*

Версия до 6.5 (исключая)

cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update3u:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04945

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-5g3f-j849-rm6p

CVSS3: 9.1

github

больше 3 лет назад

BDU:2022-06230

CVSS3: 7.2

fstec