CVE-2022-31699

moderate-risk

Published 2022-12-13

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

Do I need to act?

-

0.40% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

3

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (20)

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Cloud Foundation

Affected Vendors

Vmware

References (2)

Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2022-0030.html

Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2022-0030.html

48

/ 100

moderate-risk

Severity 13/34 · Low

Exploitability 2/34 · Minimal

Exposure 33/34 · Critical