Multiple Critical Vulnerabilities in VMware vRealize Log Insight

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE).  

  • CVE-2022-31706 (CVSS 9.8): Directory Traversal Vulnerability 
  • CVE-2022-31704 (CVSS 9.8): Broken Access Control Vulnerability 

Although they are different vulnerability types, both could allow an unauthenticated threat actor to inject files into the operating system of the vulnerable product, which could result in RCE.

Both vulnerabilities were responsibly disclosed to VMware and have not been actively exploited in campaigns. However, according to CISA’s Known Exploited Vulnerabilities Catalog, threat actors have leveraged vulnerabilities in VMware vRealize products historically.  

As of January 25th, 2023, we have not identified a public proof of concept (PoC) exploit for either vulnerability.  

Vulnerable Products 

Product                       | Version     | Fixed Version | Workaround
VMware vRealize Log Insight   | 8.x         | 8.10.2        | KB90635
VMware Cloud Foundation (VCF) | 4.x and 3.x | KB90668       | KB90635

Note: Starting with VMware Cloud Foundation version 4.4.1, the Software-Defined Data Center (SDDC) Manager does not manage upgrades of VMware vRealize Log Insight.  

In addition to the two critical vulnerabilities, VMware disclosed two other vulnerabilities that impact the same VMware vRealize Log Insight versions. 

  • CVE-2022-31710 (CVSS 7.5): Deserialization Vulnerability 
  • CVE-2022-31711 (CVSS 5.3): Information Disclosure Vulnerability 

Recommendation 

Upgrade VMware vRealize Log Insight to 8.10.2 

Arctic Wolf strongly recommends upgrading VMware vRealize Log Insight to 8.10.2 to prevent potential exploitation. The upgrade package and virtual appliance can be found in VMware’s Customer Connect portal here: https://customerconnect.vmware.com/downloads/details?downloadGroup=VRLI-8102&productId=1351 

VMware vRealize Log Insight is included in the VMware Cloud Foundation product. VMware customers will need to upgrade VMware vRealize Log Insight via the SDDC Manager or the vRealize Suite Lifecycle Manager.

Note: For organizations that are running older versions of VMware Cloud Foundation (versions prior to VCF 4.4.1), VMware recommends upgrading to VCF 4.4.1 or higher. 

Please follow your organization's patching and testing guidelines to avoid operational impact.

Apply Available Workarounds if not Immediately Able to Upgrade 

If your organization cannot upgrade to the latest VMware vRealize Log Insight version, run VMware's provided script on each vRealize Log Insight node in the cluster and validate that the workaround was applied correctly. The script, along with instructions, can be found in VMware's Customer Connect portal.

Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.