CVE-2022-31680

high-risk

Published 2022-10-07

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

Do I need to act?

3.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Vcenter Server

Affected Vendors

Vmware

References (4)

Exploit https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587

Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2022-0025.html

Exploit https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587

Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2022-0025.html

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 7/34 · Low

Exposure 22/34 · High