VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks

June 8, 2023

VMware published security patches today to address 3 critical and high-severity vulnerabilities in VMware Aria Operations for Networks that allow threat actors to perform remote code execution or access sensitive information.

The Critical Vulnerabilities

  • CVE-2023-20887 (CVSS 3.1: 9.8, Critical) – A command injection vulnerability in VMware Aria Operations for Networks. A malicious actor with network access to VMware Aria Operations for Networks may be able to launch a command injection attack, resulting in remote code execution.
  • CVE-2023-20888 (CVSS 3.1: 9.1, High) – An authenticated deserialization vulnerability in VMware Aria Operations for Networks that allows a malicious actor with network access and valid ‘member’ role credentials to conduct a deserialization attack that might lead to remote code execution.

Affected Products

  • VMware Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10.

Mitigation

CYREBRO recommends updating relevant products to the latest available releases in accordance with the VMware Customer Connect website.

References: VMware Advisory
