VMware warns for a vulnerability in the VMware Aria Operations for Logs tool. This allows hackers to gain remote access to unpatched appliances.
The VMware Aria Operations for Logs tool allows administrators to manage large volumes of application and infrastructure logs of large-scale environments.
In the tool, the CVE-2023-20864 vulnerability was found in April this year. This is a so-called deserialization vulnerability, which allows attackers to gain access to unpatched appliances via remote execution. Thereafter, the attackers can run arbitrary code on these hacked appliances through non-complex attacks without human intervention.
VMware patched the vulnerability in April, but now indicates that companies should hurry with this especially since an exploit is now circulating for the vulnerability.
Combination with CVE-2023-20865
VMware faced not only CVE-2023-20864 in April, but also a number of other vulnerabilities that needed to be patched quickly. Among them, the command injection vulnerability CVE-2023-20865 allows remote attackers with management privileges as root to issue arbitrary commands to vulnerable appliances.
Like CVE-2023-20864, a patch is available for this and no active exploits have yet been spotted.
Furthermore, VMware faced vulnerability CVE-2023-20887 in VMware Aria Operations for Networks, previously VMware vRealize Network Insight. This vulnerability enables remote command execution as a root user. However, the vulnerability is open and actively exploited.
For all vulnerabilities, VMware strongly recommends installing the patches for the CVE-2023-20864 vulnerability as soon as possible.