Skip to main content

VMware Releases Critical Security Update

VMware security update addresses three vulnerabilities in VMware Aria Operations Networks

Threat ID:
CC-4333
Threat Severity:
Medium
Published:
8 June 2023 3:55 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

VMware security update addresses three vulnerabilities in VMware Aria Operations Networks

Affected platforms

The following platforms are known to be affected:

Versions: 6.x

VMware Aria Operations for Networks (formerly vRealize Network Insight)

Threat details

Introduction

VMware has released a critical security update, which include three vulnerabilities with CVSSv3 scores of 8.8 or higher. These vulnerabilities address command injection, authentication deserialisation, and information disclosure. An attacker could exploit these vulnerabilities to execute remote code or gain access to information.

Exploitation of CVE-2023-20887 in the Wild

Following the publication of a proof-of-concept for CVE-2023-20887, VMware have warned that exploitation of this vulnerability has been observed in the wild.

Threat updates

Date Update
21 Jun 2023 VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild.

This article has been updated to reflect this change. 

Remediation advice

Affected organisations are encouraged to review the VMware Security Advisory VMSA-2023-0012 and apply any relevant updates.

Last edited: 21 June 2023 3:50 pm