VMware has confirmed that threat actors have exploited a vRealize vulnerability. CVE-2023-20887 was discovered “in the wild” by cybersecurity firm GreyNoise, which reported it in a blog post last week.
VMware’s vRealize Suite is a software platform that helps IT admins set up hybrid cloud environments. Specifically, the vulnerability is within one of its tools, called VMware Aria Operations for Networks. This network analytics application monitors network performance and VMware and Kubernetes deployments.
Nothing to do but patch
Security researcher Sina Kheirkhah was quoted in the GreyNoise blog: “VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user.”
There are no workarounds, so the only solution to the problem is patching. Organizations should always be reminded of this, since in 2023 most applications still have no counterpart to Windows Autopatch. As a result, threat actors are expected to keep having a reason to scan for vulnerabilities like this one.
Unfortunately, VMware has been hit by vulnerabilities recently. Still, with these issues, there are always two sides to the story: we don’t find out about many vulnerabilities until they are massively exploited, by which point they are virtually unavoidable. Ultimately, it is important for companies to be transparent with their customers about existing dangers, which is what VMware is doing with this announcement.