Security News > 2023 > June > VMware warns of critical vRealize flaw exploited in attacks
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code execution is being actively exploited in attacks.
This notice follows multiple warnings from cybersecurity firm GreyNoise, the first issued one week after VMware patched the security flaw on June 15 and just two days after security researcher Sina Kheirkhah shared technical details and proof-of-concept exploit code.
GreyNoise CEO Andrew Morris also alerted VMware admins of this ongoing malicious activity earlier today, which likely prompted VMware to update its advisory.
The vulnerability impacts VMware Aria Operations for Networks, a network analytics tool that helps admins optimize network performance or manage VMware and Kubernetes deployments.
Unauthenticated threat actors can exploit this command injection flaw in low-complexity attacks that don't require user interaction.
No workarounds are available to remove the attack vector for CVE-2023-20887, so admins must patch all VMware Aria Operations Networks 6.x on-prem installations to ensure they're secure from ongoing attacks.
News URL
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2023-20887 | Command Injection vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a command injection vulnerability. | 9.8 |