Add in VMware vRealize RCE chain (CVE-2022-31706, CVE-2022-31704, CVE-2022-31711) #17706

Closed
@gwillcox-r7

Description

Summary

By combining a directory traversal, broken access control, and information disclosure vulnerability, it is possible to gain unauthenticated RCE on a vulnerable VMware vRealize Log Insight device.

Basic example

Technical writeup is at https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive

POC is at https://github.com/horizon3ai/vRealizeLogInsightRCE

Motivation

VMware products are heavily targeted in the wild and we don't often get as many of them added into Metasploit.
