Lucene search

K
cveVmwareCVE-2023-20890
HistoryAug 29, 2023 - 6:15 p.m.

CVE-2023-20890

2023-08-2918:15:08
CWE-22
vmware
web.nvd.nist.gov
67
aria ops
networks
cve-2023-20890
file write vulnerability
remote code execution
nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

54.6%

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

Affected configurations

Nvd
Node
vmwarearia_operations_for_networksRange6.2.06.11.0
VendorProductVersionCPE
vmwarearia_operations_for_networks*cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aria Operations for Networks",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aria Operations for Networks 6.x"
      }
    ]
  }
]

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

54.6%