Remediating VMware vRealize Log RCE urged amid imminent exploit

Organizations using VMware vRealize Log Insight appliances, now known as VMware Aria Operations for Logs, have been urged to promptly apply patches issued last week addressing four security flaws, including two critical bugs, amid the imminent release of an exploit, reports BleepingComputer. Three of the vulnerabilities, tracked as CVE-2022-31704, CVE-2022-31706, and CVE-2022-31711, have been chained by the Horizon3 Attack Team to create an exploit enabling remote code execution as root and could be leveraged to obtain initial access to organizational networks, as well as achieve lateral movement. "This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads. Additionally, since this product is unlikely to be exposed to the internet, the attacker likely has already established a foothold somewhere else on the network. This vulnerability allows for remote code execution as root, essentially giving an attacker complete control over the system," said Horizon3 Attack Team researchers.