CVE-2022-31702 - Vulnerability Details - OpenCVE

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Vmware	Vrealize Network Insight

Configuration 1 [-]

OR	cpe:2.3:a:vmware:vrealize_network_insight:6.2.0:::::::*
	cpe:2.3:a:vmware:vrealize_network_insight:6.3.0:::::::*
	cpe:2.3:a:vmware:vrealize_network_insight:6.4.0:::::::*
	cpe:2.3:a:vmware:vrealize_network_insight:6.5.1:::::::*
	cpe:2.3:a:vmware:vrealize_network_insight:6.6.0:::::::*
	cpe:2.3:a:vmware:vrealize_network_insight:6.7.0:::::::*

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2022-0031.html

History

Tue, 22 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-12-14T00:00:00.000Z

Updated: 2025-04-22T16:03:44.213Z

Reserved: 2022-05-25T00:00:00.000Z

Link: CVE-2022-31702

Vulnrichment

Updated: 2024-08-03T07:26:01.057Z

NVD

Status : Modified

Published: 2022-12-14T19:15:13.047

Modified: 2025-04-22T16:15:30.297

Link: CVE-2022-31702

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31702", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2025-04-22T16:03:44.213Z", "dateReserved": "2022-05-25T00:00:00.000Z", "datePublished": "2022-12-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2022-12-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication."}], "affected": [{"vendor": "n/a", "product": "VMware vRealize Network Insight (vRNI)", "versions": [{"version": "6.x", "status": "affected"}]}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "VMware vRealize Network Insight (vRNI) contains command injection vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.057Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T16:03:18.690780Z", "id": "CVE-2022-31702", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T16:03:44.213Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31702", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2025-04-22T16:03:44.213Z", "dateReserved": "2022-05-25T00:00:00.000Z", "datePublished": "2022-12-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2022-12-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication."}], "affected": [{"vendor": "n/a", "product": "VMware vRealize Network Insight (vRNI)", "versions": [{"version": "6.x", "status": "affected"}]}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "VMware vRealize Network Insight (vRNI) contains command injection vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.057Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-31702", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-22T16:03:18.690780Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T16:03:38.017Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vrealize_network_insight:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC96796-6141-4DC2-8278-1DE9BD0882C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_network_insight:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "962DF5E6-4CDF-460C-A78D-68466ECFB93F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_network_insight:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CB4762-F4FE-4AB0-8466-0E8169220687", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_network_insight:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "37C4DB4F-24F6-408A-B560-409B1489BDAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_network_insight:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B5EA4ED-3343-451F-82C2-CBB3B3E8210C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_network_insight:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE6C4EE3-C7F2-4137-9F73-C6BF57E70FEA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication."}, {"lang": "es", "value": "vRealize Network Insight (vRNI) contiene una vulnerabilidad de inyecci\u00f3n de comandos presente en la API REST de vRNI. Un actor malintencionado con acceso a la red de la API REST de vRNI puede ejecutar comandos sin autenticaci\u00f3n."}], "id": "CVE-2022-31702", "lastModified": "2025-04-22T16:15:30.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-14T19:15:13.047", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}