Threat Signal ReportCommand Injection Vulnerability in Aria Operations for Networks (CVE-2023-20887) Exploited in the Wild
Description
| What is VMware Aria Operations for Networks? |
VMware Aria Operations for Networks, formerly known as vRealize Network Insight, a network monitoring tool that monitors and analyzes networks across multiple clouds.
|
| What is the Attack? | CVE-2023-20887 is a command injection vulnerability in Aria Operations for Networks that allows an unauthenticated attacker with network access to achieve remote code execution. The vulnerability has a CVSS base score of 9.8 and is rated critical by VMware. |
| Why is this Significant? |
This is significant because proof-of-concept (PoC) code is publicly available for CVE-2023-20887, which VMware has confirmed is being exploited in the wild. As such, attacks that leverage the vulnerability are expected to increase.
FortiGuard Labs advises that the patch should be applied as soon as possible. |
|
What is the Vendor Solution?
|
VMware released a patch for CVE-2023-20887 on June 7th, 2023.
For details, please refer to the link "VMSA-2023-0012.2 " to in the Appendix. |
| What FortiGuard Coverage is available? | FortiGuard Labs has released a new IPS signature "VMware.Aria.Operations.CVE-2023-20887.Command.Injection" in version 24.588. For a full comprehensive lists of protections from FortiGuard Labs, please visit the Outbreak Alert page for further details. |
Outbreak Alert
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution. According to the vendor advisory, the vulnerability has been seen exploited in the wild.
Telemetry
Appendix
https://www.fortiguard.com/encyclopedia/ips/53324VMSA-2023-0012.2 (VMware)
CVE-2023-20887 (MITRE)
VMware.Aria.Operations.CVE-2023-20887.Command.Injection (Fortinet)
✖
