Three Severe Vulnerabilities in VMware’s Aria Operations for Networks

If you’re using VMware’s Aria Operations for Networks, you need to be aware of three critical vulnerabilities that have been recently discovered. These vulnerabilities, if exploited, can lead to remote code execution and information disclosure, posing a significant risk to your network’s security. Let’s break down each of these vulnerabilities and understand what steps you need to take to protect your network.


Critical Vulnerabilities Detailed

Among the vulnerabilities detailed in VMSA-2023-0012, three have been given specific attention:

1. Aria Operations for Networks Command Injection Vulnerability (CVE-2023-20887)

This vulnerability is a command injection vulnerability, which has been evaluated by VMware as critical with a maximum CVSSv3 base score of 9.8.

How does it work?

A malicious actor with network access to VMware Aria Operations for Networks can perform a command injection attack, which leads to remote code execution. In practice, this means an attacker who can reach the appliance over the network can run arbitrary commands on it.
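To make the class of bug concrete, here is an added illustration in Python of the pattern behind a command injection and of its hardened counterpart. It is generic example code written for this article, not VMware's code, and it assumes nothing about how Aria Operations for Networks is implemented; the program name, the hostname pattern and the sample targets are constructed for the example.

```python
import re
import subprocess

# Allow-list for the one parameter this command accepts: a hostname or IPv4
# literal (pattern constructed for this example). Anything else, including
# spaces, ';', '|', '$' and quotes, is rejected before a process is started.
TARGET_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def build_command_unsafe(target: str) -> str:
    """The pattern behind command injection: caller-supplied text is spliced
    into a string that is later handed to a shell (shell=True, os.system,
    popen). The shell, not the program, decides where the command ends, so
    every metacharacter in `target` is honoured. Kept here only for contrast
    with build_argv(); it is never executed in this example."""
    return f"ping -c 1 {target}"


def is_valid_target(target: str) -> bool:
    """True only if `target` matches the strict allow-list pattern."""
    return TARGET_RE.fullmatch(target) is not None


def build_argv(target: str, program: str = "ping") -> list[str]:
    """Hardened form: validate against the allow-list, then build an argv list.
    Without a shell there is no command parser to inject into; the value is
    passed to the program as exactly one argument whatever it contains."""
    if not is_valid_target(target):
        raise ValueError(f"rejected target {target!r}")
    return [program, "-c", "1", target]


def run_safely(target: str) -> str:
    """Runs the hardened command and returns its stdout. `echo` stands in for
    the real program so the example runs offline; the argv shape is the same,
    and echo prints the arguments back literally."""
    argv = build_argv(target, program="echo")
    completed = subprocess.run(argv, capture_output=True, text=True, check=True)
    return completed.stdout.strip()


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate target, one carrying a shell
    # metacharacter. The second never reaches subprocess.
    print(run_safely("host.example.test"))
    print(is_valid_target("host.example.test; id"))
```

The two defences are independent and both matter: the allow-list rejects anything that is not a plausible target, and the argv form means that even a value that slipped past validation would be delivered to the program as data rather than parsed by a shell.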

How to mitigate it?

VMware has released updates to remediate this vulnerability. It is crucial that you apply these updates as soon as possible. At this time, there are no known workarounds other than applying the update.

2. Aria Operations for Networks Authenticated Deserialization Vulnerability (CVE-2023-20888)

This vulnerability is an authenticated deserialization vulnerability, rated as critical by VMware with a maximum CVSSv3 base score of 9.1.

How does it work?

An attacker with network access to Aria Operations for Networks and valid ‘member’ role credentials can perform a deserialization attack, which can also lead to remote code execution. This kind of attack involves manipulating serialized data (an object encoded for storage or transmission) so that arbitrary code runs when the data is deserialized (converted back into an object).
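The defensive side of that description, as an added Python example written for this article (not VMware's code, and not a statement about how Aria Operations for Networks deserializes data): a deserializer that instantiates only an explicit allow-list of classes, beside a data-only alternative that never resolves class names from the input at all. The record type, field names and sample values are constructed for the example.

```python
import io
import json
import pickle
from dataclasses import dataclass


@dataclass
class FlowRecord:
    """The one type this service expects to receive (constructed example)."""
    src: str
    dst: str
    bytes_sent: int


@dataclass
class UnexpectedType:
    """A class the service never expects in input; used to show rejection."""
    note: str


# The only globals the restricted unpickler may resolve, keyed by
# (module, qualname) so the check is independent of how this file is imported.
ALLOWED_CLASSES = {(FlowRecord.__module__, FlowRecord.__qualname__)}


class RestrictedUnpickler(pickle.Unpickler):
    """pickle.loads() imports and calls whatever global the stream names, which
    is the root of deserialization RCE. Overriding find_class makes that trust
    decision explicit: anything off the allow-list is refused."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_CLASSES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def loads_restricted(data: bytes):
    """Deserialize with the allow-list enforced."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_loads_restricted(data: bytes) -> str:
    """Outcome as a short string: 'ok:<type>' or 'blocked:<reason>'."""
    try:
        return "ok:" + type(loads_restricted(data)).__qualname__
    except pickle.UnpicklingError as exc:
        return "blocked:" + str(exc)


def flow_record_from_json(text: str) -> FlowRecord:
    """Preferred alternative: a data-only format plus explicit shape checks.
    JSON carries no class references, so there is nothing to instantiate
    other than the type this code chooses."""
    raw = json.loads(text)
    if not isinstance(raw, dict) or set(raw) != {"src", "dst", "bytes_sent"}:
        raise ValueError("unexpected fields")
    if not (isinstance(raw["src"], str) and isinstance(raw["dst"], str)):
        raise ValueError("src/dst must be strings")
    if isinstance(raw["bytes_sent"], bool) or not isinstance(raw["bytes_sent"], int):
        raise ValueError("bytes_sent must be an integer")
    return FlowRecord(raw["src"], raw["dst"], raw["bytes_sent"])


def sample_pickles() -> tuple[bytes, bytes]:
    """Constructed inputs: one stream naming the expected class, one naming
    a class that is not on the allow-list."""
    good = pickle.dumps(FlowRecord("10.0.0.1", "10.0.0.2", 1500))
    bad = pickle.dumps(UnexpectedType("not expected here"))
    return good, bad


if __name__ == "__main__":
    good, bad = sample_pickles()
    print(try_loads_restricted(good))
    print(try_loads_restricted(bad))
    print(flow_record_from_json('{"src": "10.0.0.1", "dst": "10.0.0.2", "bytes_sent": 1500}'))
```

The allow-list is the minimum that makes native deserialization of untrusted input defensible; the JSON path shows the stronger option of not letting the input name types at all. Either way, the check belongs in code that the vendor patch describes as fixed, which is why the advisory offers no workaround short of updating.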

How to mitigate it?

Similar to the first vulnerability, VMware has released updates that need to be applied to mitigate this issue. There are no alternative workarounds, so applying the update is essential.

3. Aria Operations for Networks Information Disclosure Vulnerability (CVE-2023-20889)

This vulnerability is an information disclosure vulnerability and is considered important with a maximum CVSSv3 base score of 8.8.

How does it work?

With network access to VMware Aria Operations for Networks, a malicious actor can perform an attack that results in information disclosure. In practice, this means the attacker could gain access to sensitive information held by the appliance.

How to mitigate it?

Again, applying the updates released by VMware is the key step in mitigating this vulnerability. There are no workarounds.

VMware’s Response

In response to these findings, VMware has swiftly released patches to address each of the vulnerabilities outlined in the advisory. Users are strongly urged to apply these patches promptly to safeguard their systems.

Product: VMware Aria Operations for Networks
Version: 6.x
Running On: Any
CVE Identifier: CVE-2023-20887, CVE-2023-20888, CVE-2023-20889
CVSSv3: 9.8, 9.1, 8.8
Severity: Critical
Fixed Version: KB92684
Workarounds: None
Additional Documentation: N/A

In addition to applying the patches, VMware customers are encouraged to follow best practices in cybersecurity, such as regularly monitoring systems for unusual activity, educating staff on the importance of cybersecurity, and ensuring that all software is kept up to date.