VMware Aria Operations for Logs RCE Vulnerability (CVE-2023-20864) Exploit Code Released
Dark Lab on Jul 13 2023
Share:
CVE-2023-20864 is a critical deserialization vulnerability that enables an unauthenticated attacker with network access to VMware Aria Operations for Logs (formerly vRealize Log Insight) to achieve remote code execution (RCE) as root.
Given the vulnerability’s low attack complexity and availability of the exploit code, it is likely that malicious actors will quickly seek to weaponise the vulnerability to infiltrate unpatched instances and perform RCE to carry out their attack.
This comes shortly after a similar VMware Aria Operations RCE vulnerability (CVE-2023-20887) in VMware Aria Operations for Networks was observed to be actively exploited by malicious actors in June 2023.
VMware advises customers to apply the latest patch to remediate susceptibility to CVE-2023-20864 and the other patched vulnerabilities. No further workarounds have been advised.
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
Given the vulnerability’s low attack complexity and availability of the exploit code, it is likely that malicious actors will quickly seek to weaponise the vulnerability to infiltrate unpatched instances and perform RCE to carry out their attack.
This comes shortly after a similar VMware Aria Operations RCE vulnerability (CVE-2023-20887) in VMware Aria Operations for Networks was observed to be actively exploited by malicious actors in June 2023.
VMware advises customers to apply the latest patch to remediate susceptibility to CVE-2023-20864 and the other patched vulnerabilities. No further workarounds have been advised.
https://www.vmware.com/security/advisories/VMSA-2023-0007.html