8.8
CVE-2022-31696
- EPSS 0.4%
- Veröffentlicht 13.12.2022 16:15:19
- Zuletzt bearbeitet 22.04.2025 16:15:29
- Quelle security@vmware.com
- Teams Watchlist Login
- Unerledigt Login
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 3.0 < 3.10
VMware ≫ Cloud Foundation Version >= 4.0 < 4.3.11
VMware ≫ Cloud Foundation Version3.10 Update-
VMware ≫ Cloud Foundation Version3.11 Update-
VMware ≫ Cloud Foundation Version4.3.11
VMware ≫ Cloud Foundation Version4.4
VMware ≫ Cloud Foundation Version4.4.1
VMware ≫ Cloud Foundation Version4.4.1.1
VMware ≫ Cloud Foundation Version4.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.601 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.