Warning: Poc released for Critical vulnerability in the VMware Aria Operations for Logs analysis tool, Patch Immediately!
CVE-2023-20864 / 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Bronnen
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
Risico’s
VMware Aria is an unified management solution for cloud native applications and multi-cloud environments.
An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
The vulnerability has a HIGH impact on Confidentiality, Integrity, and Availability. Authentication, and user interaction are not required to exploit this vulnerability.
Exploit code for this vulnerability is now publicly available, this increases the risk on imminent exploitation.
Beschrijving
CVE-2023-20864: Deserialization vulnerability
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Logs can execute arbitrary code as the ROOT user on vulnerable systems.
Aanbevolen acties
The Centre for Cyber Security Belgium strongly recommends system administrators to visit VMWare’s Customer Portal to download and install the patched versions of this software.
VMWare Customer Portal: https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_logs/8_12