VMware has released patches for a critical-severity vulnerability that could enable remote code execution attacks.
Exploit code has been published for a critical-severity flaw in VMware's network monitoring tool, the company said on Thursday.
VMware confirmed that the critical command injection flaw (CVE-2023-20887) is being exploited in the wild.
A Chinese cyberespionage group known as UNC3886 has been exploiting a new zero day (CVE-2023-20867) in VMware Tools.
Several versions of VMware's network monitoring tool have flaws that could enable an attacker with existing network access to remotely execute code.