VMware Closes Critical Security Vulnerabilities

Serious vulnerabilities in VMware applications could allow attackers to execute malicious code on host systems. VMware has now released important security patches — installation is strongly recommended.

Critical Vulnerabilities in VMware vRealize Network Insight

VMware has classified the vulnerability CVE-2022-31702 in vRealize Network Insight (vRNI) as critical. According to the official security advisory, attackers with network access to the vRNI REST API could execute commands without prior authentication. In addition, a second vulnerability (CVE-2022-31703) could enable unauthorized access to affected servers.

The following versions are already protected against these exploits: vRNI 6.2 HF, 6.3 HF, 6.4 HF, 6.5.x HF, 6.6 HF, and 6.7 HF. Administrators using older builds should apply the security updates immediately to prevent potential compromise.

VMware Cloud Foundation and ESXi Also Affected

Another critical vulnerability (CVE-2022-31705) affects VMware Cloud Foundation, ESXi, Fusion, and Workstation/Player. In some cases, attackers with local administrator rights could use this flaw to execute arbitrary code directly on host systems. This poses a significant security risk for production and virtualized environments.

VMware has released patched versions to mitigate these vulnerabilities. All users are urged to apply the corresponding updates listed in the official VMware security bulletin.

Summary: Immediate Action Required

System administrators should check their VMware infrastructure as soon as possible and ensure all relevant patches are installed. Especially environments using vRealize Network Insight or Cloud Foundation must be updated without delay. Keeping virtualization platforms up to date is essential to maintain a secure and stable IT infrastructure.

For secure virtualization and cloud operations, explore centron’s Managed Server solutions and Managed Firewall services.