CVE-2023-20864: Critical vulnerability in VMware Aria Operations for Logs

VMware Aria Operations for Logs is a solution that helps organizations monitor and manage their log data. Recent reports have disclosed two critical security vulnerabilities (CVE-2023-20864 and CVE-2023-20865) in the software.

  1. CVE-2023-20864 (CVSS Score: 9.8): Deserialization Vulnerability 

    VMware Aria Operations for Logs contains a deserialization vulnerability that can be exploited without authentication. An unauthenticated attacker with network access to VMware Aria Operations for Logs could execute arbitrary code as root, compromising the security and integrity of the system.

    VMware has addressed this issue in version 8.12 of Aria Operations for Logs, ensuring that the vulnerability is effectively patched. There are no known workarounds for this vulnerability.

    VMware expresses its gratitude to Anonymous, working with Trend Micro Zero Day Initiative, for reporting this issue.

  2. CVE-2023-20865 (CVSS Score: 7.2): Command Injection Vulnerability 

    The second vulnerability discovered in VMware Aria Operations for Logs is a command injection vulnerability that could be exploited by malicious actors with administrative privileges. An attacker with administrative privileges can execute arbitrary commands as root, potentially gaining unauthorized access to sensitive data or causing harm to the system.

    VMware has fixed this issue in version 8.12 of Aria Operations for Logs, mitigating the threat posed by this vulnerability. There are no known workarounds for this vulnerability.

    VMware extends its appreciation to Y4er & MoonBack of 埃文科技 for reporting this vulnerability.

In response to these findings, VMware has released version 8.12 of Aria Operations for Logs, which addresses both CVE-2023-20864 and CVE-2023-20865. Users of the software are strongly advised to update to this version as soon as possible to safeguard their systems and data from potential exploitation.