What is CVE-2022-31680?

CVE-2022-31680 is a vulnerability in VMware vCenter Server that allows a malicious actor with admin access to execute arbitrary code on the underlying operating system.

How severe is CVE-2022-31680?

CVE-2022-31680 has a severity rating of 9.1 out of 10, which is considered critical.

What software is affected by CVE-2022-31680?

VMware vCenter Server versions 6.5 and below are affected by CVE-2022-31680.

How can CVE-2022-31680 be exploited?

CVE-2022-31680 can be exploited by a malicious actor with admin access on vCenter Server to perform remote code execution on the underlying operating system.

Where can I find more information about CVE-2022-31680?

You can find more information about CVE-2022-31680 on Talos Intelligence and VMware's security advisories.

Vulnerability/
CVE-2022-31680

critical

9.1

7/10/2022

11/10/2022

CVE-2022-31680

First published: Fri Oct 07 2022(Updated: )

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware vCenter Server	<6.5
VMware vCenter Server	=6.5
VMware vCenter Server	=6.5-a
VMware vCenter Server	=6.5-b
VMware vCenter Server	=6.5-c
VMware vCenter Server	=6.5-d
VMware vCenter Server	=6.5-update1
VMware vCenter Server	=6.5-update1b
VMware vCenter Server	=6.5-update1c
VMware vCenter Server	=6.5-update1d
VMware vCenter Server	=6.5-update1e
VMware vCenter Server	=6.5-update1g
VMware vCenter Server	=6.5-update2
VMware vCenter Server	=6.5-update2b
VMware vCenter Server	=6.5-update2c
VMware vCenter Server	=6.5-update2d
VMware vCenter Server	=6.5-update2g
VMware vCenter Server	=6.5-update3
VMware vCenter Server	=6.5-update3d
VMware vCenter Server	=6.5-update3f
VMware vCenter Server	=6.5-update3k
VMware vCenter Server	=6.5-update3n
VMware vCenter Server	=6.5-update3p
VMware vCenter Server	=6.5-update3q
VMware vCenter Server	=6.5-update3r
VMware vCenter Server	=6.5-update3s
VMware vCenter Server	=6.5-update3t
VMware vCenter Server	=6.5-update3u

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-31680?
CVE-2022-31680 is a vulnerability in VMware vCenter Server that allows a malicious actor with admin access to execute arbitrary code on the underlying operating system.
How severe is CVE-2022-31680?
CVE-2022-31680 has a severity rating of 9.1 out of 10, which is considered critical.
What software is affected by CVE-2022-31680?
VMware vCenter Server versions 6.5 and below are affected by CVE-2022-31680.
How can CVE-2022-31680 be exploited?
CVE-2022-31680 can be exploited by a malicious actor with admin access on vCenter Server to perform remote code execution on the underlying operating system.
Where can I find more information about CVE-2022-31680?
You can find more information about CVE-2022-31680 on Talos Intelligence and VMware's security advisories.

collector/nvd-index
vendor/vmware
product/vcenter server
canonical/vmware vcenter server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.