Indiscriminate, opportunistic targeting.
A command injection vulnerability was recently discovered in VMware Aria Operations for Networks. The flaw, tracked as CVE-2023-20887 (CVSSv3 score: 9.8), allows an unauthenticated threat actor with access to Aria Operations to attain remote code execution (RCE).
Successful exploitation of CVE-2023-20887 could allow a threat actor with network access to VMware Aria Operations for Networks to perform a command injection attack resulting in RCE. This would almost certainly result in the compromise of the integrity of data.
VMware has patched the vulnerability for the respective product versions. As such, previous versions are vulnerable to potential exploitation.
VMware Aria Operations for Networks versions 6.2 through 6.10.
Containment, Mitigations & Remediations
It is strongly recommended that users apply the patch released by VMware as soon as possible. This can be found at the associated VMware advisory.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
VMware holds a significant share of the virtualisation market. Given that threat actors generally use a combination of probability and asset value to determine which attack surfaces to focus on, VMware products have become a prime target. Because virtual machines have become integral to both personal and business affairs, threat actors will continue to exploit vulnerabilities in the associated devices in an attempt to extract the sensitive information they contain.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution