A (cautionary) tale of two patched bugs, both exploited in the wild
Miscreants are right now exploiting two security bugs for which patches exist, one in a VMware network and applications monitoring tool and the other in some TP-Link routers.
VMware two weeks ago issued a fix for CVE-2023-20887, a critical command-injection vulnerability in Aria Operations for Networks that can be abused to achieve remote code execution.
The 9.8-out-of-10-severity rated VMware bug, CVE-2023-20887, was disclosed and patched by the virtualization giant on June 7 alongside two other vulnerabilities in Aria Operations for Networks: CVE-2023-20888, an authenticated deserialization vulnerability that received a 9.1 severity score, and CVE-2023-20889, an 8.8-rated information disclosure vulnerability.
Researcher Sina Kheirkhah, working with Trend Micro's Zero Day Initiative, found and reported all three security issues to VMware, and last week Kheirkhah uploaded a proof-of-concept exploit for CVE-2023-20887 to GitHub.
The second bug under active exploit, CVE-2023-1389, affects TP-Link Archer AX21 firmware versions before 1.1.4.
While the sample that the two researchers analyzed only scanned for CVE-2023-1389, "Other Condi botnet samples were also seen exploiting other vulnerabilities to propagate," Salvio and Tay warned.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/21/vmware_bug_under_exploit/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2023-20889 | Command Injection vulnerability in VMware vRealize Network Insight. Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 7.5 |
2023-06-07 | CVE-2023-20888 | Deserialization of Untrusted Data vulnerability in VMware vRealize Network Insight. Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | 8.8 |
2023-06-07 | CVE-2023-20887 | Command Injection vulnerability in VMware Aria Operations for Networks. Aria Operations for Networks contains a command injection vulnerability. | 9.8 |
2023-03-15 | CVE-2023-1389 | Command Injection vulnerability in TP-Link Archer AX21 Firmware. TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. | 8.8 |