Description:

VMware has published security advisories to address multiple vulnerabilities in VMware products. The list of the security updates can be found at:
https://www.vmware.com/security/advisories/VMSA-2022-0031.html
https://www.vmware.com/security/advisories/VMSA-2022-0032.html
https://www.vmware.com/security/advisories/VMSA-2022-0033.html

Affected Systems:

• VMware ESXi
• VMware Cloud Foundation
• VMware Fusion
• VMware Identity Manager
• VMware vRealize Network Insight
• VMware Workspace ONE Access
• VMware Workstation

Impact:

Depending on the vulnerability being exploited, a successful exploitation could lead to remote code execution, arbitrary command injection, information disclosure or security restriction bypass on the affected system.

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://www.vmware.com/security/advisories/VMSA-2022-0031.html
• https://www.vmware.com/security/advisories/VMSA-2022-0033.html
• https://www.vmware.com/security/advisories/VMSA-2022-0032.html
• https://www.hkcert.org/security-bulletin/vmware-products-multiple-vulnerabilities_20221214
• https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/vmware-releases-security-updates-multiple-products
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31700 (to CVE-2022-31703)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31705