"VMware Aria Operations for Networks Vulnerability Exploited in the Wild (CVE-2023-20887)"

Exploitation of a pre-authentication command injection flaw in VMware Aria Operations for Networks (previously vRealize Network Insight), tracked as CVE-2023-20887, has been observed in the wild. There are no workarounds available to mitigate the risk of exploitation, so enterprise administrators are advised to patch their deployments. The vulnerability is one of three recently discovered and privately communicated to VMware by Sina Kheirkhah of Summoning Team and an anonymous researcher. The company confirmed that a malicious actor with network access to VMware Aria Operations for Networks could perform a command injection attack resulting in Remote Code Execution (RCE). Kheirkhah published a proof-of-concept (PoC) exploit for the vulnerability on June 13, and according to GreyNoise, attempts to exploit the vulnerability began two days later. This article continues to discuss the VMware Aria Operations for Networks vulnerability.

Help Net Security reports "VMware Aria Operations for Networks Vulnerability Exploited in the Wild (CVE-2023-20887)"


 
