VMware Releases Security Update for Aria Operations for Networks - 20230609001¶
Overview¶
VMware has released a security update to address multiple vulnerabilities in Aria Operations for Networks. A malicious actor with network access may be able to perform a command injection attack resulting in remote code execution. Patches have been made available to remediate the vulnerabilities found in VMWare products.
What is the vulnerability?¶
- CVE-2023-20887 - Aria Operations for Networks Command Injection Vulnerability
- CVE-2023-20888 - Aria Operations for Networks Authenticated Deserialization Vulnerability
- CVE-2023-20889 - Aria Operations for Networks Information Disclosure Vulnerability
What is vulnerable?¶
The vulnerability affects Aria Operations for Networks (Formerly vRealize Network Insight)
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices: VMSA-2023-0012