Warning: PoC released for critical vulnerability in the VMware Aria Operations for Logs analysis tool, Patch Immediately!

Reference: 
Advisory #2023-78
Version: 
1.0
Affected software: 
VMware Aria Operations for Logs, versions 8.12, 8.10.2, 8.10, 8.8.x, 8.6.x
VMware Cloud Foundation (VMware Aria Operations for Logs), version 4.x
Type: 
Deserialization vulnerability leading to Remote Code Execution
CVE/CVSS: 

CVE-2023-20864 / 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Risks

VMware Aria is a unified management solution for cloud native applications and multi-cloud environments.

An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

The vulnerability has a HIGH impact on Confidentiality, Integrity, and Availability. Authentication and user interaction are not required to exploit this vulnerability.

Exploit code for this vulnerability is now publicly available, which increases the risk of imminent exploitation.

Description

CVE-2023-20864: Deserialization vulnerability

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Logs can execute arbitrary code as the root user on vulnerable systems.

Recommended actions

The Centre for Cyber Security Belgium strongly recommends that system administrators visit VMware's Customer Portal to download and install the patched versions of this software.

VMware Customer Portal: https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_logs/8_12