Outbreak AlertVMware Aria Operations for Networks Command Injection Vulnerability
Actively exploited in the wild
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution. According to the vendor advisory, the vulnerability has been seen exploited in the wild. Learn More »
Common Vulnerabilities and Exposures
Background
VMware Aria Operations for Networks is a network monitoring tool that helps to build an optimized, highly available and secure network infrastructure across multicloud environments. It consists both SaaS and on-premises solutions. Early June, 2023, VMware Aria Operations for Networks update was released which addressed multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889). VMware has confirmed that exploit code (proof-of-concept) for CVE-2023-20887 is available online.
Threat Radar Overall Score:
 |
CVSS Rating | 9.0 |
 |
FortiRecon Score | 92/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 96.39% |
 |
FortiGuard Telemetry | 5510 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
June 7, 2023: VMware Aria Operations for Networks released security advisory.
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
June 20, 2023: VMware confirmed that exploitation of CVE-2023-20887 has occurred in the wild.
June 22, 2023: CISA added CVE-2023-20887 to its known exploited vulnerability catalog (KEV).
June 22, 2023: FortiGuard Labs has released the IPS signature to block any attack attempts targeting the vulnerability (CVE-2023-20887). To remediate risk completely, apply the updates listed on the vendor links provided.
https://kb.vmware.com/s/article/92684
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
IPS
-
Web App Security
-
Post-execution
-
Threat Hunting
-
Outbreak Detection
-
Content Update
-
Assisted Response Services
-
Automated Response
-
InfoSec Services
-
Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
| Indicator | Type | Status |
|---|---|---|
| 185.225.74.16 | ip | Active |
| 193.187.172.27 | ip | Active |
References
Sources of information in support and relation to this Outbreak and vendor.