CVE-2022-31680

Published Oct 7, 2022

Last updated 2 years ago

CVSS critical 9.1

Overview

Description: The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
Source: security@vmware.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F19BBA2-1468-4BE2-9B21-C43E9B2A458E",
            "versionEndExcluding": "6.5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B40B0E23-410D-403D-811B-486EBF406E6D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3u:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "254F40B1-43B8-4222-A177-8906BF38D59C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References