- 128/2023
- Critical
VMware has released a security update to fix multiple vulnerabilities across Aria Operations for Networks (Formerly vRealize Network Insight).
The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Aria Operations for Networks Command Injection (CVE-2023-20887):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Aria Operations for Networks Information Disclosure (CVE-2023-20889):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Information Disclosure
Vulnerabilities
- CVE-2023-20887
- CVE-2023-20888
- CVE-2023-20889
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.