CVE-2022-31702
published 2022-12-14

Priority: P268 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.61% (72.9th percentile)

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
vmware | vrealize_network_insight
vmware | vrealize_network_insight
vmware | vrealize_network_insight
vmware | vrealize_network_insight
vmware | vrealize_network_insight
vmware | vrealize_network_insight

Detection & IOCs (extracted from sources)

  • The vulnerability is exploitable via unauthenticated requests to the vRNI REST API — monitor for unexpected or unauthenticated API calls to vRealize Network Insight REST endpoints
  • The attack chain for the related bypass (CVE-2023-20887) involves a specially crafted request to bypass nginx rules to reach the vulnerable command injection endpoint — inspect nginx access logs for anomalous or malformed requests to vRNI API paths
  • CVE-2022-31702 affects VMware vRealize Network Insight (vRNI); patched versions are documented in VMSA-2022-0031 — ensure patching is applied to all on-prem vRNI installations
  • The vulnerability is in the vRNI REST API and requires only network access — network-level controls restricting access to the REST API are a critical compensating control