Vulnerability Description
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Vcenter Server | < 6.5 |
Related Weaknesses (CWE)
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587ExploitThird Party Advisory
- https://www.vmware.com/security/advisories/VMSA-2022-0025.htmlVendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587ExploitThird Party Advisory
- https://www.vmware.com/security/advisories/VMSA-2022-0025.htmlVendor Advisory
FAQ
What is CVE-2022-31680?
CVE-2022-31680 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute a...
How severe is CVE-2022-31680?
CVE-2022-31680 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-31680?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vcenter Server.