Critical 9.8 vulnerability: VMware Aria Operations for Networks

B2B Cyber Security ShortNews


In a new security notification, the BSI warns of two critical vulnerabilities and one highly dangerous vulnerability in VMware Aria Operations for Networks. An attacker could exploit the vulnerabilities to execute arbitrary code or disclose information.

The critical vulnerabilities in VMware Aria Operations for Networks have CVSSv3 base scores of 9.8 and 9.1. The highly dangerous vulnerability still has a score of 8.8. The vulnerabilities are tracked as CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889.

BSI warns of attacks

The BSI lists the vulnerabilities in its Security Advisory WID-SEC-2023-138 and warns against exploitation. VMware already offers updates that close the vulnerabilities. The first vulnerability, rated 9.8, is a command injection vulnerability (CVE-2023-20887). A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack that leads to remote code execution.

The second fix is for an authenticated deserialization vulnerability. VMware has rated this issue in the critical severity range with a maximum CVSSv3 base score of 9.1. An attacker with network access to VMware Aria Operations for Networks and valid Member role credentials could potentially perform a deserialization attack that leads to remote code execution.

The third vulnerability (CVE-2023-20889) can lead to information disclosure. This issue has a CVSSv3 base score of 8.8, which is considered highly dangerous.

More at VMware.com

 


About VMware

VMware is driving the world's digital infrastructure with its business software. The company's solutions in the areas of cloud, mobility, network and security provide more than 500,000 corporate customers worldwide with a dynamic and efficient digital basis for their business success. They are supported by the global VMware partner network, consisting of around 75,000 partners. Based in Palo Alto, California, the company has used its technological innovations for both corporate and social purposes for over 20 years. The German office of VMware is located in Munich. Further information can be found at: www.vmware.com/de. VMware and Carbon Black are registered trademarks of VMware, Inc. or its subsidiaries in the United States and other countries.


 
