VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022.
A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen Security Lab and it awarded the top prize.
VMware heap out-of-bound write vulnerability in ECHI (CVE-2022-31705)
The vulnerability with a CVSSv3 score of 9.3 is a heap out-of-bounds write issue in the USB 2.0 controller (EHCI). VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process runs on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
VMware vRealize Network Insight (vRNI) command injection vulnerability (CVE-2022-31702)
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API.A malicious actor with network access to the vRNI REST API can execute commands without authentication.”
VMware vRealize Network Insight (vRNI) contains a directory traversal vulnerability (CVE-2022-31703)
vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server.