What is CVE-2022-31706?

CVE-2022-31706 is a vulnerability in Vrealize Log Insight (Vrli). Published 2023-01-25.

Is CVE-2022-31706 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vrealize Log Insight (Vrli)

CVE-2022-31706

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

EPSS: 0.902 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a Vrealize Log Insight (Vrli) — versions vRealize Log Insight 8.10.1 and prior

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon
EGI-Federation/SVG-advisories
getdrive/PoC
horizon3ai/CVE-2023-34051
horizon3ai/vRealizeLogInsightRCE
karimhabush/cyberowl

References

www.vmware.com/security/advisories/VMSA-2023-0001.html
packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticate…

Frequently asked questions

What is CVE-2022-31706?: CVE-2022-31706 is a vulnerability in Vrealize Log Insight (Vrli). Published 2023-01-25.
Is CVE-2022-31706 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.