CYREBRO Resources

E-Books & Guides

VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks

  • Threat Intelligence

June 8, 2023

VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks

VMware published various security patches today to address 3 critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing threat actors to perform remote execution or access sensitive information.

The Critical Vulnerabilities

  • CVE-2023-20887 (CVSS 3.1: 9.8, Critical) – A command injection vulnerability in VMware Aria Operations for Networks, malicious actor having network access to VMware Aria Operations for Networks may be able to launch a command injection attack, resulting in remote code execution.
  • CVE-2023-20888 (CVSS 3.1: 9.1, High) – An authenticated deserialization vulnerability in VMware Aria Operations for Networks, allows a malicious actor with network access and valid ‘member’ role credentials to conduct a deserialization attack that might lead to remote code execution.

Affected Products

  • VMware Aria Operations Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10.

Mitigation

CYREBRO updating relevant products up to the latest available releases in accordance with VMware Customer Connect website.

References: VMware Advisory

Back to Resources

Sign Up for Updates