Vmware Aria Operations Command Injection Vulnerability

Vmware Aria Operations Command Injection Vulnerability

Multiple Aria Operations Vulnerabilities were reported to Vmware on June 07.

It is also announced that patches for the affected Vmware product remediation are available. According to Vmware; Aria Operations for networks contains command injection vulnerabilities. Therefore a malicious actor with access to the Vmware Aria Operations network may perform a command injection attack wich may lead to remote code execution. (CVE-2023-20887)

Affected Systems

-

IoC’s

-

Recommended Solution(s)

Please apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' on the Vmware Security Advisories webpage for remediation:

Mitigations

-

CVE / CWE

CVE-2023-20887

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2023-20887
• https://www.vmware.com/security/advisories/VMSA-2023-0012.html

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.