Other official information and services: www.belgium.be

Warning: Poc released for Critical vulnerability in the VMware Aria Operations for Logs analysis tool, Patch Immediately!

Reference:

Advisory #2023-78

Version:

1.0

Affected software:

VMware Aria Operations for Logs, versions 8.12, 8.10.2, 8.10, 8.8.x, 8.6.x

VMware Cloud Foundation (VMware Aria Operations for Logs), version 4.x

Type:

Deserialization vulnerability leading to Remote Code Execution

CVE/CVSS:

CVE-2023-20864 / 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Date:

11/07/2023

Sources

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Risks

VMware Aria is an unified management solution for cloud native applications and multi-cloud environments.

An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

The vulnerability has a HIGH impact on Confidentiality, Integrity, and Availability. Authentication, and user interaction are not required to exploit this vulnerability.

Exploit code for this vulnerability is now publicly available, this increases the risk on imminent exploitation.

Description

CVE-2023-20864: Deserialization vulnerability

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Logs can execute arbitrary code as the ROOT user on vulnerable systems.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to visit VMWare’s Customer Portal to download and install the patched versions of this software.

VMWare Customer Portal: https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_logs/8_12