- 206/2023
- Critical
VMware has released security updates to fix multiple vulnerabilities in VMware Aria Operations Networks, and VMware Horizon Server.
The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, or bypass security restrictions by sending a specially crafted request to VMware Aria Operations Networks affected versions.
Sample of the addressed vulnerabilities:
1. VMware Aria Operations for Networks Security Bypass (CVE-2023-34039):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. VMware Aria Operations for Networks Code Execution (CVE-2023-20890):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2023-20890
- CVE-2023-34039
- CVE-2023-34038
- CVE-2023-34037
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.