White hat hackers release VMware vRealize Log RCE exploit


    Security researchers from the Horizon3 team will release online an exploit that chains several vulnerabilities to achieve remote code execution on devices running VMware vRealize Log Insight.

    The product, now known as VMware Aria Operations for Logs, makes it much easier for VMware administrators to analyze and manage system logs.

    VMware has fixed four security vulnerabilities in this log analyzer, two of which are critical and allow hackers to execute code remotely. Both critical vulnerabilities have CVSS base scores of 9.8/10. Attackers can use them in low-complexity attacks that do not require authentication.

    One of them (CVE-2022-31706) is a directory traversal vulnerability that can be used to inject files into the operating system. The second (CVE-2022-31704) is an access control vulnerability.

    VMware also fixed a deserialization vulnerability (CVE-2022-31710) that could cause a system crash, as well as an information disclosure vulnerability (CVE-2022-31711) that could be used to access sensitive data.

    On January 26, the Horizon3 team alerted VMware administrators that they had managed to create an exploit that combines three of the four vulnerabilities already patched by VMware to remotely execute code as root.

    All of the vulnerabilities can be exploited in the default VMware vRealize Log Insight appliance configuration. The exploit can be used to gain initial access to corporate networks (through devices connected to the Internet) and to move through the network using stored credentials.

    A day later, Horizon3 published a blog post with more information, including a list of Indicators of Compromise (IoCs) that professionals can use to detect signs of the exploit's use on their networks.

    With the aforementioned exploit, attackers can obtain sensitive information from logs on Log Insight hosts, including API keys and session tokens, which can help break into additional systems and compromise the environment even further.

    James Horseman, a researcher at Horizon3, said there are only 45 vulnerable devices on the Internet right now, a relatively small number. This is to be expected, as VMware vRealize Log Insight is designed to be accessed from inside an organization's own network, and connecting from outside is usually not possible. However, it is not uncommon for cybercriminals to exploit vulnerabilities inside already compromised networks to expand their access.

    In May 2022, Horizon3 released an exploit for CVE-2022-22972, a critical authentication bypass vulnerability affecting several VMware products and allowing hackers to gain administrator rights.

    Author DeepWeb