CVE-2023-20890

2023-08-2917:38:05

vmware

www.cve.org

aria

networks

file write

vulnerability

remote code execution

vmware

authenticated

administrative access

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aria Operations for Networks",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aria Operations for Networks 6.x"
      }
    ]
  }
]