Security News > 2023 > June > VMware fixes critical vulnerability in vRealize network analytics tool

VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks that allow attackers to gain remote code execution or access sensitive information.
Previously known as vRealize Network Insight, this network visibility and analytics tool helps admins optimize network performance or manage and scale various VMware and Kubernetes deployments.
"A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution," VMware says.
VMware also patched today a second vulnerability that could lead to remote code execution on unpatched Aria Operations appliances, caused by an authenticated deserialization weakness tracked as CVE-2023-20888.
In April, VMware also addressed a critical bug that let attackers run code as root in the vRealize Log Insight log analysis tool.
Months earlier, Horizon3's Attack Team released proof-of-concept exploit code for another series of critical security flaws in the same VMware product patched one week earlier.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2023-20888 | Deserialization of Untrusted Data vulnerability in VMware vRealize Network Insight. Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | 8.8 |