Security news that informs and inspires

VMware Fixes Critical Network Monitoring Tool Flaws


Several versions of VMware's network monitoring tool have flaws that could enable an attacker with existing network access to remotely execute code.

VMware is warning of three vulnerabilities in its network monitoring tool, including two critical-severity flaws that, if successfully exploited, could result in remote code execution attacks.

The three flaws (tracked as CVE-2023-20887, CVE-2023-20888 and CVE-2023-20889) exist in several versions of VMware’s Aria Operations for Networks solution, formerly known as vRealize Network Insight, which helps businesses monitor and analyze their networks and applications.

“Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware,” according to VMware’s security advisory on Wednesday. “Patches are available to remediate these vulnerabilities in affected VMware products.”

CVE-2023-20887, tied to the bug with the highest severity ranking (9.8 on the CVSS scale), could allow a threat actor that has existing network access to VMware’s Aria Operations for Networks to perform a command injection attack, which could enable remote code execution. The other critical-severity flaw, tracked as CVE-2023-20888, has a CVSS score of 9.1 and stems from an authenticated deserialization issue.

“A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution,” according to VMware’s advisory.

The third vulnerability (tracked as CVE-2023-20889), which is ranked as important severity, allows a bad actor with network access to VMware Aria Operations for Networks to perform a command injection attack that could enable information disclosure.

"VMware is not aware of exploits in the wild at this time for CVE-2023-20887, CVE-2023-20888, or CVE-2023-20889, and the security advisory we released this morning provides the patches that customers should apply to resolve the vulnerabilities," said a VMware spokesperson on Wednesday. "The security of our customers is a top priority, and we encourage them to apply the patches in a timely manner to protect their environment.”

Versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9 and 6.10 of Aria Operations for Networks are impacted by the flaws, and administrators are urged to apply updates. Threat actors have previously targeted flaws in the VMware platform. In February, the French CERT warned of a wave of exploit attempts targeting an old vulnerability in VMware ESXi with the goal of installing the ESXiArgs ransomware on compromised instances, for instance.