Security News > 2023 > October > VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight.
"Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," the company said in an update to the original advisory.
When Horizon3 security researchers released a VMSA-2023-0001 PoC exploit one week after the company pushed security updates, they explained that their RCE exploit "Abuses the various Thrift RPC endpoints to achieve an arbitrary file write."
Threat actors frequently exploit vulnerabilities within previously compromised networks for lateral movement, making vulnerable VMware appliances valuable internal targets.
In June, VMware warned customers about another critical remote code execution vulnerability in VMware Aria Operations for Networks being exploited in attacks.
Exploit released for critical VMware SSH auth bypass vulnerability.
- Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit (source)
- Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities (source)
- Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability (source)
- RCE exploit for Wyze Cam v3 publicly released, patch now (source)
- CISA warns of actively exploited Juniper pre-auth RCE exploit chain (source)
- Exploit for CrushFTP RCE chain released, patch now (source)
- Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits (source)
|2023-10-20||CVE-2023-34051|| Incorrect Authorization vulnerability in VMWare Aria Operations for Logs |
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
| 9.8 |