CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2023-20887

CVSS 9.8v3.1pub. 2023-06-07upd. 2025-10-28

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • VMware Aria Operations For Networks

    APP
    Vmware
    6.2.0 – 6.10.0

CISA KEV — detailsi

Vendori
VMware
Producti
Aria Operations for Networks
Added to KEVi
June 22, 2023
Remediation deadline (US Federal)i
July 13, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 13 lipca 2023
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-34039CRITICAL9.8ten sam produkt

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptogra...

CVE-2024-22237HIGH7.8ten sam produkt

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access t...

CVE-2023-20890HIGH7.2ten sam produkt

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor ...

CVE-2024-22241MEDIUM4.3ten sam produkt

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privi...

CVE-2024-22238MEDIUM6.4ten sam produkt

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privi...