VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)
2023-06-21 08:25

CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks, is being exploited in the wild.

CVE-2023-20887 is one of three vulnerabilities recently discovered by Sina Kheirkhah of Summoning Team and an anonymous researcher and privately reported to VMware.

"A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution," the company confirmed.

A PoC exploit for CVE-2023-20887 was published by Kheirkhah on June 13 and, according to GreyNoise, attempts to exploit the flaw started two days later.

"We have observed attempted mass-scanning activity utilizing the Proof-Of-Concept code mentioned above in an attempt to launch a reverse shell which connects back to an attacker controlled server in order to receive further commands," GreyNoise research analyst Jacob Fisher noted.

CVE-2023-20887, CVE-2023-20888 and CVE-2023-20889 affect versions 6.x of the solution.


News URL

https://www.helpnetsecurity.com/2023/06/21/cve-2023-20887-exploited/

Related Vulnerability

DATE, CVE, VULNERABILITY TITLE, RISK

2023-06-07, CVE-2023-20889, Command Injection vulnerability in VMware vRealize Network Insight
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
Risk: network, low complexity, vmware, CWE-77, 7.5

2023-06-07, CVE-2023-20888, Deserialization of Untrusted Data vulnerability in VMware vRealize Network Insight
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
Risk: network, low complexity, vmware, CWE-502, 8.8

2023-06-07, CVE-2023-20887, Command Injection vulnerability in VMware Aria Operations for Networks
Aria Operations for Networks contains a command injection vulnerability.
Risk: network, low complexity, vmware, CWE-77, critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591