Vulnerability Details : CVE-2022-31680
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform Services Controller). A malicious actor with admin access on vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
Vulnerability category: Execute code
Products affected by CVE-2022-31680
- cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update3u:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31680
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- Percentile: ~46% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-31680
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 | NIST | |
CWE ids for CVE-2022-31680
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-31680
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587
  TALOS-2022-1587 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence (Exploit; Third Party Advisory)
- https://www.vmware.com/security/advisories/VMSA-2022-0025.html
  VMSA-2022-0025 (Vendor Advisory)