January 27, 2023

How to Fix the 4 New Vulnerabilities in VMware vRealize Log Insight?


VMware published an advisory on 24th Jan 2023 disclosing four new vulnerabilities in VMware vRealize Log Insight. Of the four vulnerabilities, two are rated Critical and two are rated Moderate in severity. The four vulnerabilities are assigned CVSS scores from 9.8 to 5.3. Attackers could abuse these vulnerabilities to carry out remote code execution, denial of service, and sensitive information exfiltration attacks on vulnerable versions of VMware vRealize Log Insight. Organizations that use VMware vRealize Log Insight are strongly advised to fix these four vulnerabilities.

Let’s begin this post with a short introduction to the VMware vRealize Log Insight platform, then look at a summary of the four vulnerabilities and the affected versions, and finally see how to fix the four new vulnerabilities in VMware vRealize Log Insight.

A Short Note About VMware vRealize Log Insight:

VMware vRealize Log Insight is a cloud-based log management and analytics platform that enables users to collect, analyze, and monitor logs from multiple sources. Such log management platforms allow infrastructure administrators and security teams to have greater visibility and insights into the performance and security of their infrastructure. Additionally, the VMware vRealize Log Insight platform provides automated alerting and real-time analytics capabilities, enabling users to detect issues and address them quickly. The application also offers built-in integrations with various third-party applications and services, allowing for even greater customization and flexibility.

Key features of VMware vRealize Log Insight:

  • Automated log collection and ingestion: VMware vRealize Log Insight can collect and ingest logs from multiple sources like servers, applications, and network devices, including on-premise and cloud-based sources.

  • Real-time analytics: The platform offers real-time analytics capabilities, allowing users to quickly detect and address issues as they arise.

  • Alerting and notifications: vRealize Log Insight can issue alerts and notifications for admin and security teams, keeping them informed about any incidents or changes in the environment.

  • Third-party integrations: The platform integrates with various third-party applications and services, allowing for even greater customization and flexibility.

Overall, VMware vRealize Log Insight is a powerful log management platform for IT administrators and security teams who need to monitor their infrastructure efficiently and securely. With its intuitive dashboards, sophisticated analytics, broad third-party integrations, automated alerting capabilities, and comprehensive search capabilities, it provides an effective way to gain operational visibility into physical, virtual, and cloud environments.

Summary of the 4 New Vulnerabilities in VMware vRealize Log Insight:

As per the advisory released by VMware, there are four vulnerabilities identified in the VMware vRealize Log Insight platform. Of the four, two are marked as critical in severity with a CVSS score of 9.8, and the remaining two flaws are marked as medium with CVSS scores of 7.5 and 5.3 out of 10.

| CVE ID | Description | CVSS Score | CVSS Vector |
| --- | --- | --- | --- |
| CVE-2022-31706 | A Directory Traversal Vulnerability in VMware vRealize Log Insight | 9.8 critical | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-31704 | A Broken Access Control Vulnerability in VMware vRealize Log Insight | 9.8 critical | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-31710 | A Deserialization Vulnerability in VMware vRealize Log Insight | 7.5 Medium | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2022-31711 | An Information Disclosure Vulnerability in VMware vRealize Log Insight | 5.3 Medium | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

CVE-2022-31706

This is a Directory Traversal vulnerability in VMware vRealize Log Insight. The successful exploitation of this flaw would allow an unauthenticated attacker to perform remote code execution attacks on the vulnerable versions of the VMware vRealize Log Insight platform. Attackers could exploit this flaw just by uploading a malicious file onto the operating system of a vulnerable appliance.

CVE-2022-31704

This is a Broken Access Control vulnerability in VMware vRealize Log Insight. The successful exploitation of this flaw would allow an unauthenticated attacker to perform remote code execution attacks on the vulnerable versions of the VMware vRealize Log Insight platform. Attackers could exploit this flaw just by uploading a malicious file onto the operating system of a vulnerable appliance.

CVE-2022-31710

This is a Deserialization vulnerability in VMware vRealize Log Insight. The successful exploitation of this flaw would allow an unauthenticated attacker to perform denial of service attacks on the vulnerable versions of the VMware vRealize Log Insight platform. Attackers could exploit this flaw just by triggering the deserialization of untrusted data.

CVE-2022-31711

This is an Information Disclosure vulnerability in VMware vRealize Log Insight. The successful exploitation of this flaw would allow an unauthenticated, remote attacker to collect sensitive session and application information from the vulnerable versions of the VMware vRealize Log Insight platform.

VMware vRealize Log Insight Versions Affected.

According to the Zero Day Initiative (ZDI) program, run by TrendMicro, a well-known security firm, all the versions up to v8.10 are affected by these four vulnerabilities.

  • All versions equal to or less than 8.10.

How to Fix the 4 New Vulnerabilities in VMware vRealize Log Insight?

VMware has released a patched version of the vRealize Log Insight platform to address these vulnerabilities. We recommend upgrading all the versions equal to or less than 8.10 to 8.10.2 or higher to patch the vulnerabilities. Please download the VMware vRealize Log Insight v8.10.2 for your operating system from here: https://customerconnect.vmware.com/downloads/details?downloadGroup=VRLI-8102&productId=1351

Upgrade guidelines are made available with the release notes. Please don’t forget to refer to the release notes and upgrade path for more details.

You can upgrade vRealize Log Insight to version 8.10 from 8.8.x and to 8.8 from 8.6.x. You can upgrade to version 8.4 from 8.3 or 8.2, and to 8.1 from 4.8 or 8.0. To upgrade to the rest of the versions, you must follow an incremental upgrade path. The upgrade includes automatically upgrading the nodes in a cluster.
VMware
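
An added example, not from the original post or from VMware: triaging an appliance inventory against the 8.10.2 fixed release named above, comparing version fields numerically because a plain string comparison sorts 8.10 before 8.8. The hostnames and inventory are constructed, and treating every version below 8.10.2 as needing the upgrade is an assumption drawn from the recommendation above.

```shell
#!/bin/sh
# Added example: triage an appliance inventory against the fixed release.
# FIXED_VERSION comes from the article; hostnames and inventory are constructed.
FIXED_VERSION="8.10.2"

# version_lt A B -> exit 0 when A is strictly older than B (numeric, per field)
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            p = (i <= n) ? x[i] + 0 : 0   # missing fields count as 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1                            # equal versions are not "older"
    }' </dev/null
}

# triage: reads "host version" lines on stdin, prints "host version STATUS"
triage() {
    while read -r host ver; do
        case $host in ''|\#*) continue ;; esac
        case $ver in
            ''|*[!0-9.]*) status=UNKNOWN ;;   # build suffixes etc. need manual review
            *) if version_lt "$ver" "$FIXED_VERSION"; then
                   status=UPGRADE
               else
                   status=PATCHED
               fi ;;
        esac
        printf '%s %s %s\n' "$host" "$ver" "$status"
    done
}

# Constructed sample inventory, not real hosts.
sample_inventory() {
    cat <<'EOF'
# host version
vrli-a.example.test 8.8.2
vrli-b.example.test 8.10
vrli-c.example.test 8.10.2
vrli-d.example.test 8.12
vrli-e.example.test unknown
EOF
}

sample_inventory | triage
```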

How to Upgrade vRealize Log Insight to the Latest Version?

VMware has published a comprehensive document about upgrading the VMware vRealize Log Insight platform to the latest version. Please check out their document for complete details.

Source: VMware

How to Apply Workaround?

VMware has released a workaround for those who can’t apply the patch any time soon, and has made the workaround scripts available for download. Please download the KB90635_1.zip file using the download link below. This zip file has two files in it: KB90635.sh and KB90635_validate.sh. KB90635.sh is the script to run to apply the workaround. KB90635_validate.sh is the script to run to validate that the workaround is applied.

Name: KB90635_1.zip
Release Date: 2023-01-26
Download Link: https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VRLI-8102&productId=1034&rPId=100036
MD5SUM: 41fc5f13319a28431965247ec6ae322b
SHA1SUM: 6589e02cd5fe0457835a570edbf1ad1cf53d18a7
SHA256SUM: be8af166e7208cf4b9eb8c63d65d626382f9171a6125c11a9e4c64e4caa6b575
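
An added example, not part of the original post or of VMware's package: checking the downloaded KB90635_1.zip against the SHA256SUM value listed above before any script from it is copied to an appliance and run as root. The function names are hypothetical, and the check rejects a digest of the wrong length so that pasting the MD5 or SHA1 value by mistake is reported as a usage error instead of a mismatch.

```shell
#!/bin/sh
# Added example: verify KB90635_1.zip before unpacking it.
# The digest is the SHA256SUM value from the table above.
KB90635_SHA256="be8af166e7208cf4b9eb8c63d65d626382f9171a6125c11a9e4c64e4caa6b575"

# sha256_of FILE -> prints the lowercase hex digest
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE [EXPECTED]
#   0 = digest matches, 1 = mismatch, 2 = usage problem (no file, bad digest)
verify_download() {
    file=$1
    expected=$(printf '%s' "${2:-$KB90635_SHA256}" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "not a hex digest: $expected" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected a 64-character SHA-256, got ${#expected} characters" >&2
        return 2
    fi
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 2
    fi
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Stand-alone use: sh verify.sh /path/to/KB90635_1.zip
if [ $# -gt 0 ]; then
    verify_download "$1"
fi
```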

Step 1. Upload the workaround scripts to the appliances

Log into the appliances as root via SSH. Upload the “KB90635.sh” script into “/opt/vmware/bin/”.

Step 2. Set the file permission to executable

Use the chmod utility to make the file executable. Run these commands to do that:

chmod +x /opt/vmware/bin/KB90635.sh
chmod 755 /opt/vmware/bin/KB90635.sh

Step 3. Apply the workaround

Run the script with the “setup” command to apply the workaround.

/opt/vmware/bin/KB90635.sh setup

Step 4. Validate the workaround

Upload the “KB90635_validate.sh” script into “/opt/vmware/bin/”.
Run these commands to set the execute permission.

chmod +x /opt/vmware/bin/KB90635_validate.sh
chmod 755 /opt/vmware/bin/KB90635_validate.sh

Execute the validation steps by running the command:

/opt/vmware/bin/KB90635_validate.sh

Note: Please ensure that all the VRLI nodes in the cluster are listed in the output.
The script will go through several iterations to complete the validation process. Ensure that no errors appear during execution. Upon successful execution, a success message will be displayed on your screen. This completes the validation.

Step 5. Repeat this process on every node in the cluster and restart the service

Repeat this process on every node in the cluster. Once all is done, restart the service by passing “stop” and “start” arguments.

/opt/vmware/bin/KB90635.sh stop
/opt/vmware/bin/KB90635.sh start
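
An added example for Step 4, not VMware's code: a wrapper that runs KB90635_validate.sh and fails unless the output is free of error text and names every expected cluster node, which are the two things the note above asks you to confirm by eye. It assumes the script prints plain text naming each node and exits non-zero on failure; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate on the output of KB90635_validate.sh.
# Assumptions: the script prints plain text that names each cluster node
# and exits non-zero on failure. Pass your own node names as arguments.
VALIDATE_SCRIPT=${VALIDATE_SCRIPT:-/opt/vmware/bin/KB90635_validate.sh}

# check_validation FILE NODE...
#   0 only if FILE contains no error text and lists every NODE
check_validation() {
    report=$1; shift
    rc=0
    # Fails closed: any line mentioning "error" needs a human to read it.
    if grep -qi 'error' "$report"; then
        echo "FAIL: error text in validation output" >&2
        rc=1
    fi
    for node in "$@"; do
        # -w keeps vrli-1 from matching vrli-10; -F treats dots literally
        if ! grep -qwF -- "$node" "$report"; then
            echo "FAIL: node not listed: $node" >&2
            rc=1
        fi
    done
    return "$rc"
}

# validate_node NODE...
#   runs the validation script, prints its output, applies the gate
validate_node() {
    log=$(mktemp) || return 2
    status=0
    "$VALIDATE_SCRIPT" >"$log" 2>&1 || status=$?
    if [ "$status" -ne 0 ]; then
        echo "FAIL: $VALIDATE_SCRIPT exited with status $status" >&2
    fi
    check_validation "$log" "$@" || status=1
    cat "$log"
    rm -f "$log"
    [ "$status" -eq 0 ]
}

# Stand-alone use on an appliance: sh gate.sh NODE1 NODE2 NODE3
if [ $# -gt 0 ]; then
    validate_node "$@"
fi
```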

We hope this post helped you know how to fix the 4 new vulnerabilities in VMware vRealize Log Insight.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
