Security News > 2023 > October > VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight.
"Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," the company said in an update to the original advisory.
When Horizon3 security researchers released a VMSA-2023-0001 PoC exploit one week after the company pushed security updates, they explained that their RCE exploit "Abuses the various Thrift RPC endpoints to achieve an arbitrary file write."
Threat actors frequently exploit vulnerabilities within previously compromised networks for lateral movement, making vulnerable VMware appliances valuable internal targets.
In June, VMware warned customers about another critical remote code execution vulnerability in VMware Aria Operations for Networks being exploited in attacks.
Exploit released for critical VMware SSH auth bypass vulnerability.
News URL
Related news
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-20 | CVE-2023-34051 | Incorrect Authorization vulnerability in VMWare Aria Operations for Logs VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | 9.8 |