cve/2022/CVE-2022-31704.md

CVE-2022-31704

Description

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

POC

Reference

• http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html

Github

• https://github.com/getdrive/PoC
• https://github.com/horizon3ai/CVE-2023-34051
• https://github.com/horizon3ai/vRealizeLogInsightRCE
• https://github.com/karimhabush/cyberowl