What is VMware Aria Operations for Networks?
VMware Aria Operations for Networks, formerly known as vRealize Network Insight, a network monitoring tool that monitors and analyzes networks across multiple clouds.
What is the Attack?
CVE-2023-20887 is a command injection vulnerability in Aria Operations for Networks that allows an unauthenticated attacker with network access to achieve remote code execution.
The vulnerability has a CVSS base score of 9.8 and is rated critical by VMware.
Why is this Significant?
This is significant because proof-of-concept (PoC) code is publicly available for CVE-2023-20887, which VMware has confirmed is being exploited in the wild. As such, attacks that leverage the vulnerability are expected to increase.
FortiGuard Labs advises that the patch should be applied as soon as possible.
What is the Vendor Solution?
VMware released a patch for CVE-2023-20887 on June 7th, 2023.
For details, please refer to the link “VMSA-2023-0012.2 ” to in the Appendix.
What FortiGuard Coverage is available?
FortiGuard Labs has released a new IPS signature “VMware.Aria.Operations.CVE-2023-20887.Command.Injection” in version 24.588.
More Stories
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...