Security Alert (A22-12-10): Multiple Vulnerabilities in VMware Products

Description:

VMware has published security advisories to address multiple vulnerabilities in VMware products. The list of the security updates can be found at:
https://www.vmware.com/security/advisories/VMSA-2022-0031.html
https://www.vmware.com/security/advisories/VMSA-2022-0032.html
https://www.vmware.com/security/advisories/VMSA-2022-0033.html

Affected Systems:

• VMware ESXi
• VMware Cloud Foundation
• VMware Fusion
• VMware Identity Manager
• VMware vRealize Network Insight
• VMware Workspace ONE Access
• VMware Workstation

Impact:

Depending on the vulnerability being exploited, a successful exploitation could lead to remote code execution, arbitrary command injection, information disclosure or security restriction bypass on the affected system.

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://www.vmware.com/security/advisories/VMSA-2022-0031.html
• https://www.vmware.com/security/advisories/VMSA-2022-0033.html
• https://www.vmware.com/security/advisories/VMSA-2022-0032.html
• https://www.hkcert.org/security-bulletin/vmware-products-multiple-vulnerabilities_20221214
• https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/vmware-releases-security-updates-multiple-products
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31700 (to CVE-2022-31703)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31705