8.8
CVE-2022-31696
- EPSS 0.4%
- Published 13.12.2022 16:15:19
- Last modified 22.04.2025 16:15:29
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 3.0 < 3.10
VMware ≫ Cloud Foundation Version >= 4.0 < 4.3.11
VMware ≫ Cloud Foundation Version3.10 Update-
VMware ≫ Cloud Foundation Version3.11 Update-
VMware ≫ Cloud Foundation Version4.3.11
VMware ≫ Cloud Foundation Version4.4
VMware ≫ Cloud Foundation Version4.4.1
VMware ≫ Cloud Foundation Version4.4.1.1
VMware ≫ Cloud Foundation Version4.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.601 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.