CVE-2023-20887 - Vmware Aria Operations for Networks Command Injection Vulnerability
Project:VMware
Product:Aria Operations for Networks
Date Added:2023-06-22Due Date:2023-07-13
Vulnerability Name
Vmware Aria Operations for Networks Command Injection Vulnerability
Description
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
https://nvd.nist.gov/vuln/detail/CVE-2023-20887