CVE-2022-31706

CRITICAL EXPLOITED NUCLEI

Vmware Vrealize Log Insight < 4.8 - Path Traversal

Title source: rule

Description

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Exploits (2)

metasploit WORKING POC EXCELLENT
by Horizon3.ai Attack Team · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vrli_rce.rb
vulncheck_xdb WORKING POC
remote
https://github.com/horizon3ai/vRealizeLogInsightRCE

Nuclei Templates (1)

VMware vRealize Log Insight - Path Traversal
CRITICALby ritikchaddha
Shodan: http.title:"vrealize log insight"
FOFA: title="vrealize log insight"

References (3)

Scores

CVSS v3 9.8
EPSS 0.9018
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-20
CWE
CWE-22
Status published
Products (1)
vmware/vrealize_log_insight 3.0 - 4.8
Published Jan 26, 2023
Tracked Since Feb 18, 2026