Vulnerability Details CVE-2023-20887
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html
- http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20887
Products affected by CVE-2023-20887
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.10.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.2.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.3.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.4.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.5.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.6.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.7.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.8.0
-
cpe:2.3:a:vmware:aria_operations_for_networks:6.9.0