vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.
References
| Link | Resource |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2022-0031.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Dec 2022, 21:12
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:vmware:vrealize_network_insight:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_network_insight:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_network_insight:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_network_insight:6.7.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_network_insight:6.6.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_network_insight:6.5.1:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.vmware.com/security/advisories/VMSA-2022-0031.html - Patch, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-77 | |
| First Time |
Vmware
Vmware vrealize Network Insight |
14 Dec 2022, 20:00
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-12-14 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-31702
Mitre link : CVE-2022-31702
CVE.ORG link : CVE-2022-31702
JSON object : View
Products Affected
vmware
- vrealize_network_insight
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')