Cisco Talos recently discovered a denial-of-service vulnerability in VMWare vCenter Server.

VMware vCenter Server is a platform that enables centralized control and monitoring over all virtual machines and EXSi hypervisors included in vSphere.

TALOS-2022-1588 (CVE-2022-31698) concerns a pre-authentication denial-of-service vulnerability in a handler of the content library. A specially crafted HTTP header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Cisco Talos worked with VMWare to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update the affected product as soon as possible: VMware vCenter Server 6.5 Update 3t. Talos tested and confirmed this version of VMWare could be exploited by this vulnerability.

The following Snort rule will detect exploitation attempts against this vulnerability: 60408. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.