VMware Releases Security Updates for VMware Aria Operations for Logs and Cloud Foundation
Summary
Security updates address two high-severity vulnerabilities affecting VMware Aria Operations for Logs and Cloud Foundation.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
VMware have released security updates to address two security vulnerabilities within VMware Aria Operations for Logs and Cloud Foundation.
CVE-2023-34051, which has been assigned a CVSSv3 score of 8.1, is an authentication bypass vulnerability that could allow an unauthenticated attacker to inject files into the operating system of an impacted appliance, which could result in remote code execution (RCE).
CVE-2023-34052, which has been assigned a CVSSv3 score of 8.1, is a deserialisation vulnerability. This vulnerability could allow an attacker with non-administrative access to the local system to trigger the deserialisation of data, which could result in authentication bypass.
Proof-of-concept exploit code published for CVE-2023-34051
VMware is aware of publicly available proof-of-concept exploit code for CVE-2023-34051.
Remediation advice
Affected organisations are encouraged to review the VMware Security Advisory VMSA-2023-0021 and apply any relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 26 October 2023 1:33 pm