CVE-2022-31705: CVE-2022-31705

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-31705

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款VMware产品缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

VMware ESXi等都是美国威睿（VMware）公司的产品。VMware ESXi是一套可直接安装在物理服务器上的服务器虚拟化平台。VMware Workstation是一套虚拟机软件。VMware Fusion是一套专用于在苹果机（Mac）上运行Windows应用程序的的虚拟机软件。 VMware ESXi、Workstation和Fusion系统存在缓冲区错误漏洞，该漏洞源于其usb2.0控制器（EHCI）允许攻击者实现堆越界写入。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion (Fusion), VMware Cloud Foundation	VMware ESXi (8.0 prior to ESXi80a-20842819, 7.0 prior to ESXi70U3si-20841705, VMware Workstation Pro / Player (16.x prior to 16.2.5), VMware Fusion Pro / Fusion (12.x prior to 12.2.5), VMware Cloud Foundation (4.x, 3.x)	-

II. Public POCs for CVE-2022-31705

#	POC Description	Source Link	Shenlong Link
1	CVE-2022-31705 (Geekpwn 2022 Vmware EHCI OOB) POC	https://github.com/s0duku/cve-2022-31705	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-31705

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2022-31705

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-31705

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-31705

III. Intelligence Information for CVE-2022-31705

IV. Related Vulnerabilities

V. Comments for CVE-2022-31705

Leave a comment