Multiple vulnerabilities in VMware vRealize Network Insight (vRNI) were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in vRNI 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 and 6.7.
CVE-2022-31702 :
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API.
CVE-2022-31703 :
vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API.
These vulnerabilities and their impacts on vRNI are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:
To mitigate the vulnerability, VMware highly recommends upgrading to vRNI 6.8 that contains the fixes. If upgrading is not possible, below patches are available for vRealize Network Insight version 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 and 6.7.
Patch Download Details:
Patch for vRealize Network Insight version 6.2.0
Patch Download / Build Number | Download the Patch here -- build number: 1670436787 |
File Name | VMware-vRNI.6.2.0.P7.1670436787.patch.bundle |
Size | 650.89 MB |
MD5SUM | be2ed8ff2611ff5e505db90589c3de47 |
SHA1SUM | 2b08d66756e4ee24056dc098e3bbf590471d7336 |
SHA256SUM | ea598130e4b656a76a7e7288e34660fafc88641eb64408fc95100364dc263d5a |
Patch for vRealize Network Insight version 6.3.0
Patch Download / Build Number | Download the Patch here -- build number: 1670421532 |
File Name | VMware-vRNI.6.3.0.P4.1670421532.patch.bundle |
Size | 671.36 MB |
MD5SUM | 4551ed9d20a4ef5344244fec1884e211 |
SHA1SUM | 651b2d8aba165b8b53bc06fdb59782a3fc87b0fe |
SHA256SUM | be64e1b0f5fa1409f72d7b2c549c61530e787cde4f0ccc43d146a5cdca3965ef |
Patch for vRealize Network Insight version 6.4.0
Patch Download / Build Number | Download the Patch here -- build number: 1670379658 |
File Name | VMware-vRNI.6.4.0.P8.1670379658.patch.bundle |
Size | 755.33 MB |
MD5SUM | 862fc3aee3fe47eb796521db358e6c12 |
SHA1SUM | 274394bfbc58fae114af0abb7a9fdacc4b998ce4 |
SHA256SUM | 66bac8bd0c5fcaaaa1229e8ee8076e20a83ffffa4fd7129932ad866428568ad6 |
Patch for vRealize Network Insight version 6.5.1
Patch Download / Build Number | Download the Patch here -- build number: 1670383888 |
File Name | VMware-vRNI.6.5.1.P5.1670383888.patch.bundle |
Size | 685.43 MB |
MD5SUM | f1e268f790fba4fc0927acbfff0bc105 |
SHA1SUM | 9d835dbcc3a53eec91b4fcb7e95da5f6e5520c9a |
SHA256SUM | c58c248c496674adb41dbb452449b8fb0b86f1d70a560f3a84870f40e3a2329b |
Patch for vRealize Network Insight version 6.6.0
Patch Download / Build Number | Download the Patch here -- build number: 1670381875 |
File Name | VMware-vRNI.6.6.0.P4.1670381875.patch.bundle |
Size | 649.5 MB |
MD5SUM | ec84f1489a034eaf77def191d67f6836 |
SHA1SUM | 37ec5b81408cafa39757085fd526c2414b76438c |
SHA256SUM | a10858330f916dbb80e632d1f8e045b2c29802218568d1902ce2d202756643f6 |
Patch for vRealize Network Insight version 6.7.0
Patch Download / Build Number | Download the Patch here -- build number: 1670340571 |
File Name | VMware-vRNI.6.7.0.P4.1670340571.patch.bundle |
Size | 725.12 MB |
MD5SUM | ba8bb06feace35e24f081f8dd541f378 |
SHA1SUM | 0541d6e0ef0dd2302f3f204d919d0f2553e83114 |
SHA256SUM | f438eb82e8857d245bbf78ecd53c9e5898217630d7bd9db65890b7d6a41652da |
Note: Above patches are cumulative of any previous patches for the same version
Procedure to apply vRealize Network Insight patch bundle:
Note: The default admin@local account can be used.
3. Navigate to Settings > Install and Support > Overview and Updates, then under Product, select Click here.
4. Click Browse to select the locally downloaded patch file and click Upload.
Notes:
5. In the Bundle Available message notification, click View details.
vRealize Network Insight Update screen appears.
You can see the approximate time required to complete the update process on your setup.
Notes:
All platform and the collector nodes are updated.