This vulnerability allows remote malicious users to execute arbitrary code on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createSupportBundle function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vrealize network insight 6.5.1 |
||
vmware vrealize network insight 6.2.0 |
||
vmware vrealize network insight 6.3.0 |
||
vmware vrealize network insight 6.4.0 |
||
vmware vrealize network insight 6.6.0 |
||
vmware vrealize network insight 6.7.0 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus there's a PoC for this unpatched Cisco bug
Patch Tuesday For its final Patch Tuesday of the year, Microsoft fixed one bug that's already been exploited in the wild – and another that's publicly known. That brings its total for December to 49 patched vulnerabilities, six of which are rated critical. The bug that's listed as exploited-in-the-wild is tracked as CVE-2022-44698. It's a Windows SmartScreen security feature bypass vulnerability, and it received a 5.4 CVSS rating. "An attacker can craft a malicious file that would evade Mark o...