
VMware issues warning as critical bug gets exploited in the wild


VMware has issued a security advisory warning customers about a critical remote code execution vulnerability tracked as CVE-2023-20887 that’s being exploited in the wild. The company had previously issued patches for the aforementioned vulnerability in early June, in addition to two more high-severity bugs. 

CVE-2023-20887 was the most severe vulnerability fixed in the June patch, with a CVSS score of 9.8 out of 10. It’s a command injection flaw in Aria Operations for Networks, previously known as vRealize Network Insight. Aria Operations for Networks is a popular network monitoring tool that allows organisations to build optimised and secure network infrastructure. 

Another active exploitation confirmation comes from GreyNoise CEO Andrew Morris, whose company observed attacks exploiting the vulnerability starting June 13 from two IP addresses. Since the PoC code for the exploit is openly available on GitHub, the attack volume is expected to increase in the coming days. At the time of writing, GreyNoise’s website still reports a single IP address running the attack.


The other two vulnerabilities fixed in the patch are tracked as CVE-2023-20888 and CVE-2023-20889, which are high-severity vulnerabilities with CVSS scores of 9.1 and 8.8 out of 10, respectively. CVE-2023-20888 allows a remote attacker to run a deserialisation attack, resulting in remote code execution, while CVE-2023-20889 can allow attackers to run command injection attacks resulting in information disclosure.

There’s no evidence to suggest that the two aforementioned vulnerabilities are being actively exploited, but it’s recommended that users apply the latest updates provided by VMware to prevent accidental exposure. All three bugs have been fixed in VMware Aria Operations for Networks update KB92684.

Since there are no workarounds or additional mitigations to fix the issues other than updating to the latest version, users who don’t update in time can be at massive risk in case the other two vulnerabilities also start getting exploited in the wild. 


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
