CVE-2022-31681 - Vulnerability Details

Vendors	Products
Vmware	Cloud Foundation Esxi

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2022-0025.html

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31681", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2024-08-03T07:26:01.077Z", "dateReserved": "2022-05-25T00:00:00", "datePublished": "2022-10-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2022-10-07T00:00:00"}, "descriptions": [{"lang": "en", "value": "VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host."}], "affected": [{"vendor": "n/a", "product": "VMware ESXi", "versions": [{"version": "VMware ESXi (7.0 prior to ESXi70U3sf-20036586, 6.7 prior to ESXi670-202210101-SG & 6.5 prior to ESXi650-202210101-SG)", "status": "affected"}]}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Null-pointer dereference vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.077Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-31681 (string)

assignerOrgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

assignerShortName : vmware (string)

dateUpdated : 2024-08-03T07:26:01.077Z (string)

dateReserved : 2022-05-25T00:00:00 (string)

datePublished : 2022-10-07T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

shortName : vmware (string)

dateUpdated : 2022-10-07T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : VMware ESXi (string)

versions : [ »

0 : { »

version : VMware ESXi (7.0 prior to ESXi70U3sf-20036586, 6.7 prior to ESXi670-202210101-SG & 6.5 prior to ESXi650-202210101-SG) (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://www.vmware.com/security/advisories/VMSA-2022-0025.html (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : Null-pointer dereference vulnerability (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T07:26:01.077Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.vmware.com/security/advisories/VMSA-2022-0025.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "288143A7-D64D-465F-8F81-9434C57189CB", "versionEndExcluding": "4.3.1.1", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "F7B0AA0D-0BE2-40C5-A432-F607EF66829C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C767B9C-CDAC-4651-B696-589726CDD5C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E216CBB-8C99-46AA-B195-E16393354D14", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:*", "matchCriteriaId": "D223DD19-0441-4EBD-9F51-5E9012434517", "versionEndExcluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "F030A666-1955-438B-8417-5C294905399F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*", "matchCriteriaId": "A790D41E-B398-4233-9EC7-CF5BE2BC3161", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*", "matchCriteriaId": "B7619C16-5306-4C4A-88E8-E80876635F66", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*", "matchCriteriaId": "238E7AF4-722B-423D-ABB1-424286B06715", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*", "matchCriteriaId": "1E4DE8C7-72FB-4BEC-AD9E-378786295011", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*", "matchCriteriaId": "2E6DE184-35C8-4A13-91D4-4B43E9F0168C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*", "matchCriteriaId": "12D385F0-DB2B-4802-AD0E-31441DA056B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*", "matchCriteriaId": "2C202879-9230-4E1D-BAB8-4FB7CE4BBC24", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*", "matchCriteriaId": "CC6DC107-5142-4155-A33B-D5BE72E9ED38", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*", "matchCriteriaId": "39817170-5C45-4F8A-916D-81B7352055DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*", "matchCriteriaId": "A2F831A7-544E-4B45-BA49-7F7A0234579C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*", "matchCriteriaId": "80A0DD2E-F1CC-413B-91F9-E3986011A0A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*", "matchCriteriaId": "C77771B2-BC64-47A5-B6DB-9CBCC4456B67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host."}, {"lang": "es", "value": "VMware ESXi contiene una vulnerabilidad de deferencia de puntero null. Un actor malicioso con privilegios dentro del proceso VMX solamente, puede crear una condici\u00f3n de negaci\u00f3n de servicio en el host"}], "id": "CVE-2022-31681", "lastModified": "2024-11-21T07:05:07.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-07T21:15:11.337", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 288143A7-D64D-465F-8F81-9434C57189CB (string)

versionEndExcluding : 4.3.1.1 (string)

versionStartIncluding : 4.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.4:*:*:*:*:*:*:* (string)

matchCriteriaId : F7B0AA0D-0BE2-40C5-A432-F607EF66829C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6C767B9C-CDAC-4651-B696-589726CDD5C2 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.4.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E216CBB-8C99-46AA-B195-E16393354D14 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D223DD19-0441-4EBD-9F51-5E9012434517 (string)

versionEndExcluding : 7.0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:* (string)

matchCriteriaId : F030A666-1955-438B-8417-5C294905399F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:* (string)

matchCriteriaId : 2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:* (string)

matchCriteriaId : A790D41E-B398-4233-9EC7-CF5BE2BC3161 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:* (string)

matchCriteriaId : B7619C16-5306-4C4A-88E8-E80876635F66 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:* (string)

matchCriteriaId : 238E7AF4-722B-423D-ABB1-424286B06715 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:* (string)

matchCriteriaId : 1E4DE8C7-72FB-4BEC-AD9E-378786295011 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:* (string)

matchCriteriaId : 2E6DE184-35C8-4A13-91D4-4B43E9F0168C (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:* (string)

matchCriteriaId : D3E3A02D-6C1E-4DE8-B845-60F53C056F32 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:* (string)

matchCriteriaId : 12D385F0-DB2B-4802-AD0E-31441DA056B9 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:* (string)

matchCriteriaId : 2C202879-9230-4E1D-BAB8-4FB7CE4BBC24 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:* (string)

matchCriteriaId : CC6DC107-5142-4155-A33B-D5BE72E9ED38 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:* (string)

matchCriteriaId : 39817170-5C45-4F8A-916D-81B7352055DD (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:* (string)

matchCriteriaId : A2F831A7-544E-4B45-BA49-7F7A0234579C (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:* (string)

matchCriteriaId : 80A0DD2E-F1CC-413B-91F9-E3986011A0A0 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:* (string)

matchCriteriaId : C77771B2-BC64-47A5-B6DB-9CBCC4456B67 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. (string)

}

1 : { »

lang : es (string)

value : VMware ESXi contiene una vulnerabilidad de deferencia de puntero null. Un actor malicioso con privilegios dentro del proceso VMX solamente, puede crear una condición de negación de servicio en el host (string)

}

]

id : CVE-2022-31681 (string)

lastModified : 2024-11-21T07:05:07.027 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2 (number)

impactScore : 4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-10-07T21:15:11.337 (string)

references : [ »

0 : { »

source : security@vmware.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2022-0025.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2022-0025.html (string)

}

]

sourceIdentifier : security@vmware.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-476 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object