CVE-2022-31680

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
vmwarevcenter_server
𝑥
< 6.5
vmwarevcenter_server
6.5
vmwarevcenter_server
6.5:a
vmwarevcenter_server
6.5:b
vmwarevcenter_server
6.5:c
vmwarevcenter_server
6.5:d
vmwarevcenter_server
6.5:update1
vmwarevcenter_server
6.5:update1b
vmwarevcenter_server
6.5:update1c
vmwarevcenter_server
6.5:update1d
vmwarevcenter_server
6.5:update1e
vmwarevcenter_server
6.5:update1g
vmwarevcenter_server
6.5:update2
vmwarevcenter_server
6.5:update2b
vmwarevcenter_server
6.5:update2c
vmwarevcenter_server
6.5:update2d
vmwarevcenter_server
6.5:update2g
vmwarevcenter_server
6.5:update3
vmwarevcenter_server
6.5:update3d
vmwarevcenter_server
6.5:update3f
vmwarevcenter_server
6.5:update3k
vmwarevcenter_server
6.5:update3n
vmwarevcenter_server
6.5:update3p
vmwarevcenter_server
6.5:update3q
vmwarevcenter_server
6.5:update3r
vmwarevcenter_server
6.5:update3s
vmwarevcenter_server
6.5:update3t
vmwarevcenter_server
6.5:update3u
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587
https://www.vmware.com/security/advisories/VMSA-2022-0025.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587
https://www.vmware.com/security/advisories/VMSA-2022-0025.html