VMware Patches Code Execution Vulnerability in vCenter Server
October 13, 2022
VMware has released a patch to address a High-severity unsafe deserialization vulnerability that may lead to arbitrary code execution.
The Vulnerability
- CVE-2022-31680 (CVSS 3.1: 7.2, High Severity) – an unsafe deserialization vulnerability in the Platform Services Controller (PSC).
A malicious actor with administrative privileges on the vCenter server could exploit this vulnerability to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
Affected Products
- vCenter Server 6.5 with an external PSC
Mitigation
CYREBRO recommends that users of the vulnerable products update their vCenter Server to the most recent version to mitigate the vulnerability.
References: VMware Advisory