October 2, 2023

VMware has come up with a stern warning to its customers about an availability of exploit code for a critical vulnerability in the VMware Aria Operations for Logs analysis tool,

The flaw tracked as CVE-2023-20864 is a deserialization weakness patched in April, and it allows unauthenticated attackers to gain remote execution on unpatched appliances. Successful exploitation enables threat actors to run arbitrary code as root following low-complexity attacks that don’t require user interaction.

Advertisements

VMware has confirmed that exploit code for CVE-2023-20864 has been published, in an update to the initial security advisory. itis a critical issue and should be patched immediately as per the instructions in the advisory. – the company noted

In April, VMware also issued security updates to address a less severe command injection vulnerability tracked as CVE-2023-20865 that would let remote attackers with administrative privileges execute arbitrary commands as root on vulnerable appliances. Both flaws have been fixed with the release of VMware Aria Operations for Logs 8.12. For now, there is no evidence of vulnerability exploited in wild.

Tags:

Leave a Reply

You may have missed

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023

Exim Mail Transfer Server Vulnerabilities

September 30, 2023
%d bloggers like this: