Security News > 2023 > October > VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight.
"Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," the company said in an update to the original advisory.
When Horizon3 security researchers released a VMSA-2023-0001 PoC exploit one week after the company pushed security updates, they explained that their RCE exploit "Abuses the various Thrift RPC endpoints to achieve an arbitrary file write."
Threat actors frequently exploit vulnerabilities within previously compromised networks for lateral movement, making vulnerable VMware appliances valuable internal targets.
In June, VMware warned customers about another critical remote code execution vulnerability in VMware Aria Operations for Networks being exploited in attacks.
Exploit released for critical VMware SSH auth bypass vulnerability.
News URL
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-20 | CVE-2023-34051 | Incorrect Authorization vulnerability in VMWare Aria Operations for Logs VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | 9.8 |