virus logo Threat Signal Report

VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023-20864)

Description

What is VMware Aria Operations for Logs? VMware Aria Operations for Logs (formerly known as vRealize Log Insight) is a log analysis and management tool used for troubleshooting and auditing.
What is the Attack? CVE-2023-20864 a deserialization vulnerability in VMware Aria Operations for Logs that could allow an unauthenticated attacker with network access to execute arbitrary code as root. The vulnerability has a CVSS base score of 9.8 and is rated critical by VMware.
Why is this Significant? This is significant because VMware confirmed that exploit code for CVE-2023-20864 has been made available. This is expected to lead to an increase in attacks.
FortiGuard Labs advises that the patch should be applied as soon as possible.
What is the Vendor Solution?
VMware released a patch for CVE-2023-20864 on April 20th, 2023.
For details, please refer to the link " VMSA-2023-0007.1" in the Appendix.
What FortiGuard Coverage is available? FortiGuard Labs has a IPS signature " VMware.AO.InternalClusterController.Insecure.Deserialization" in place for CVE-2023-20864.

Telemetry

Appendix

VMSA-2023-0007.1 (VMware)

VMware's Response To CVE-2023-20864 and CVE-2023-20865 (91831) (VMware)

CVE-2023-20864 (MITRE)


ID 54
Date Jul 13, 2023
Threat/
Vulnerability		 Arbitrary Code Execution
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services