Two vulnerabilities were discovered in older versions of VMware Aria Operations for Networks and VMware Aria Operations for Logs. The vulnerabilities allow bad actors to perform remote code execution as the root user. Remote code execution can lead to system compromise and subsequent encryption, data exfiltration and/or lateral movement. Barracuda MSP recommends applying the latest patches for VMware Aria Operations for Logs and VMware Aria Operations for Networks.
What is the threat?
CVE-2023-20864 is a deserialization vulnerability in VMware Aria Operations for Logs. Successful exploitation allows an unauthenticated attacker to remotely execute arbitrary code as the root user. Exploitation is relatively simple and does not require user interaction.
CVE-2023-20887 is a command injection vulnerability in VMware Aria Operations for Networks. A threat actor with network access to VMware Aria Operations for Networks can perform remote code execution.
Why is it noteworthy?
The discovery of these vulnerabilities raises concerns for organizations using these solutions. Both are noteworthy for their potential for remote code execution (RCE), which allows threat actors to exploit affected systems remotely. In addition, VMware has confirmed that CVE-2023-20887 has already been exploited in the wild.
What is the exposure or risk?
The exposure or risk associated with these vulnerabilities is substantial. CVE-2023-20887 affects VMware Aria Operations for Networks, and exploitation could result in arbitrary code execution with elevated privileges. Meanwhile, CVE-2023-20864 impacts VMware Aria Operations for Logs, and successful exploitation could lead to remote code execution with administrative privileges. These vulnerabilities pose a severe threat to the confidentiality, integrity, and availability of affected systems. Attackers can potentially exploit these vulnerabilities remotely, allowing them unauthorized access to critical resources, leading to data breaches, disruption of services, and potential financial loss. Organizations that fail to promptly patch these vulnerabilities and implement necessary security measures are at a heightened risk of falling victim to malicious activities exploiting these weaknesses.
What are the recommendations?
Barracuda MSP recommends the following actions to secure your environment against these vulnerabilities:
- Update VMware Aria Operations for Logs to version 8.12 or later
- Apply the patches for VMware Aria Operations for Networks available from VMware’s website
- Deploy a firewall to safeguard your environment against network-based exploits
- Install endpoint protection software on all devices including servers
- Utilize Barracuda XDR products for network monitoring and detection of incoming exploit attempts
If you have any questions regarding this Cybersecurity Threat Advisory, please contact our Security Operations Center.