June 8, 2023
VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks
VMware published several security patches today to address 3 critical and high-severity vulnerabilities in VMware Aria Operations for Networks that could allow threat actors to perform remote code execution or access sensitive information.
The Critical Vulnerabilities
- CVE-2023-20887 (CVSS 3.1: 9.8, Critical) – A command injection vulnerability in VMware Aria Operations for Networks. A malicious actor with network access to VMware Aria Operations for Networks may be able to launch a command injection attack, resulting in remote code execution.
- CVE-2023-20888 (CVSS 3.1: 9.1, High) – An authenticated deserialization vulnerability in VMware Aria Operations for Networks that allows a malicious actor with network access and valid ‘member’ role credentials to conduct a deserialization attack that might lead to remote code execution.
- Affected versions: VMware Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10.
CYREBRO recommends updating relevant products to the latest available releases in accordance with the VMware Customer Connect website.
References: VMware Advisory