CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.115 Low
Percentile: 94.4%

VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild.
The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution.
It impacts VMware Aria Operations Networks versions 6.x, with fixes released in versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10 on June 7, 2023.
Now, according to an update shared by the virtualization services provider on June 20, 2023, the flaw has been weaponized in real-world attacks, although the exact specifics are unknown as yet.
"VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild," the company noted.
Data gathered by threat intelligence firm GreyNoise shows active exploitation of the flaw from two different IP addresses located in the Netherlands starting June 13, 2023.
The development comes after Summoning Team researcher Sina Kheirkhah, who identified and reported the flaws, released a proof-of-concept (PoC) exploit for the bug.
"This vulnerability comprises a chain of two issues leading to remote code execution (RCE) that can be exploited by unauthenticated attackers," Kheirkhah said.
If anything, the speed at which either state actors or financially motivated groups turn around newly disclosed vulnerabilities and exploit them to their advantage continues to be a major threat for organizations across the world.
The disclosure also follows a report from Mandiant, which unearthed active exploitation of another flaw in VMware Tools (CVE-2023-20867) by a suspected Chinese actor dubbed UNC3886 to backdoor Windows and Linux hosts.
Users of Aria Operations for Networks are recommended to update to the latest version as soon as possible to mitigate potential risks.