VMware tackles security flaws in ESXi and vRealize


Threat Level
Vulnerability Report


Summary

VMware has addressed a critical-severity vulnerability affecting ESXi, Workstation, Fusion, and Cloud Foundation, as well as a critical-severity command injection flaw impacting vRealize Network Insight. CVE-2022-31705 is a heap out-of-bounds write vulnerability that allows a local privileged user on the guest OS to execute arbitrary code. Exploiting this vulnerability could potentially compromise the host operating system.