{"vulnerability": "cve-2022-31705", "sightings": [{"uuid": "82f89d13-16ae-42a1-a130-81753c0666c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-31705", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_27/2022", "content": "", "creation_timestamp": "2022-12-14T08:14:08.000000Z"}, {"uuid": "506a9cd9-b3cf-4729-a405-b4cb7e4ddb08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31705", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7527", "content": "#exploit\n1. CVE-2022-31705:\nGeekpwn 2022 Vmware EHCI OOB\nhttps://github.com/s0duku/cve-2022-31705\n\n2. Linux >=4.10: UAF in __do_semtimedop() due to lockless check outside RCU section\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2391\n\n3. Lexmark Printers/Copiers haxx 0-day Exploit\nhttps://github.com/blasty/lexmark", "creation_timestamp": "2023-01-11T11:01:01.000000Z"}, {"uuid": "295f07dc-c8ab-4633-9e12-975b24dd3a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31705", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1274", "content": "CVE-2022-31705\nPOC\nGeekpwn 2022 Vmware EHCI OOB\ndownload", "creation_timestamp": "2023-01-10T05:41:14.000000Z"}, {"uuid": "c50dbac6-3ede-4732-a4ee-392c56c91235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31705", "type": "published-proof-of-concept", "source": "Telegram/m-_AM4FJpiRJEcm3jCUXxS5qshgB4HVu9omgguHSr0D_t0s", "content": "", "creation_timestamp": "2023-02-02T02:28:05.000000Z"}, {"uuid": "74eb1f09-08c6-493f-9de1-055dbc4a55d9", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31705", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3827", "content": "Virtualization giant VMware on Tuesday released urgent updates to fix three security issues.\n\nOne of them involves a virtual machine escape bug demonstrated at the GeekPwn 2022 hacking contest, organized by China's Tencent Keen Security Lab.\n\nThe VM escape vulnerability, documented as CVE-2022-31705, was exploited by Ant Security researcher Yuhao Jiang on systems running fully patched VMware Fusion, ESXi and Workstation products.\n\nVMware described the bug as a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). The exploit won the top prize at Geekpwn.\n\nAccording to the bulletin, VMware assigned it a CVSS rating of 9.3 and warned that an attacker with local administrative privileges on a virtual machine could use this issue to execute code.\n\nOn ESXi, exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion it may lead to RCE on the machine where Workstation or Fusion is installed.\n\nThe company released fixes covering a pair of command injection and directory traversal bugs affecting VMware vRealize Network Insight (vRNI).\n\nThe vulnerability in the vRNI REST API is also rated critical by VMware, with a maximum CVSSv3 base score of 9.8, since an attacker with network access to the vRNI REST API can execute commands without authentication.", "creation_timestamp": "2022-12-14T17:30:06.000000Z"}, {"uuid": "dca880d4-a8a4-4d8d-8a07-77aa18674175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31705", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2223", "content": "CVE-2022-31705\nPOC\nGeekpwn 2022 Vmware EHCI OOB\ndownload", "creation_timestamp": "2023-01-12T11:54:51.000000Z"}, {"uuid": "891f56b5-c2f4-45bf-ae79-a59bd8f619c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31705", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2209", "content": "#exploit\n1. CVE-2022-31705:\nGeekpwn 2022 Vmware EHCI OOB\nhttps://github.com/s0duku/cve-2022-31705\n\n2. Linux >=4.10: UAF in __do_semtimedop() due to lockless check outside RCU section\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2391\n\n3. Lexmark Printers/Copiers haxx 0-day Exploit\nhttps://github.com/blasty/lexmark", "creation_timestamp": "2023-01-11T16:20:13.000000Z"}, {"uuid": "28f34591-2372-4e49-a000-4da5f57af867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31705", "type": "seen", "source": "https://t.me/cibsecurity/54552", "content": "\u203c CVE-2022-31705 \u203c\n\nVMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. 
On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T22:22:54.000000Z"}]}