Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

Blog Articles

Learn more about cybersecurity and discover the latest trends in the industry.

Cybersecurity News

Learn about the latest news and trends in cybersecurity.

Documents & Whitepapers

Read about the success stories of our clients and download free guides.

Frequently Asked Questions

Find answers to commonly asked questions regarding penetration testing.

VIEW ALL CYBERSECURITY RESOURCES →

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

VMware fixes critical ESXi and vRealize security flaws

Critical, VMWare
December 14, 2022

VMware released security updates to address a critical-severity vulnerability impacting ESXi, Workstation, Fusion, and Cloud Foundation, and a critical-severity command injection flaw affecting vRealize Network Insight.

The VMware ESXi heap out-of-bounds write vulnerability is tracked as CVE-2022-31705 and has received a CVSS v3 severity rating of 9.3.

“A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host,” mentions the security advisory.

VMware has released step-by-step instructions on how to apply the workaround on a VMware ESXi virtual machine, which also applies to the Cloud Foundation suite.

On a separate security bulletin, VMware gives details about CVE-2022-31702, a critical severity vulnerability that allows command injection in the vRNI REST API of vRealize Network Insight versions 6.2 to 6.7.

VMware vRealize Network Insight 6.8.0 is not affected by these vulnerabilities.

Share this article on social media: