Main Vulnerability Database Exploits ID:8717 - Exploit for Out-of-bounds write in VMware ESXi - CVE-2022-31705

ID:8717 - Exploit for Out-of-bounds write in VMware ESXi - CVE-2022-31705

Published: January 9, 2023

Vulnerability identifier: #VU70156

Vulnerability risk: Medium

CVE-ID: CVE-2022-31705

CWE-ID: CWE-787

Exploitation vector: Remote access

Vulnerable software:
VMware ESXi

Link to public exploit:

https://github.com/s0duku/cve-2022-31705

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the USB 2.0 controller (EHCI). A local privileged user on the guest OS can trigger an out-of-bounds write and execute arbitrary code as the virtual machine's VMX process running on the host.

Remediation

Install updates from vendor's website.

Note, on ESXi the exploitation is contained within the VMX sandbox.

ID:8717 - Exploit for Out-of-bounds write in VMware ESXi - CVE-2022-31705

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human