VMware Aria Operations for Networks Command Injection Vulnerability - 20230623002
Overview
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.
What is the vulnerability?
CVE-2023-20887 - CVSS v3 Base Score: 9.8 CRITICAL
What is vulnerable?
The vulnerability exists in the following products:
- Aria Operations for Networks Version 6.x
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
Due to the report of active exploitation, it is strongly recommended to patch this vulnerability within 2 weeks across all affected platforms as per vendor instructions:
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html