OVERVIEW

A recently patched critical VMware vulnerability is now being exploited in the wild. CVE-2023-20887 is a command injection vulnerability found in Aria Operations for Networks. The vulnerability allows attackers with network access to launch a command injection attack which results in remote code execution.  

CVE-2023-20887 has a CVSS score of 9.8 and impacts VMware Aria Operations for Networks version 6.x. The company has patched the vulnerability and has released fixes in the following versions:  

  • 6.2 
  • 6.3 
  • 6.4 
  • 6.5.1 
  • 6.6 
  • 6.7 
  • 6.8 
  • 6.9 
  • 6.10

Although VMware has not released information regarding real-world attacks, the company has acknowledged that the vulnerability is being weaponized. The attacks have come after several warnings from the threat intelligence firm GreyNoise. The firm observed attempted mass-scanning activity after a researcher published the Proof-of-Concept code for CVE-2023-20887. According to data collected by GreyNoise, exploitation of the vulnerability originated on June 13, 2023, from two IP addresses located in the Netherlands. Because there are no workarounds, users of Aria Operations for Networks are advised to patch immediately to keep systems and networks secure.  

  

   

AVERTIUM'S RECOMMENDATIONS

Avertium recommends applying the appropriate patches as soon as possible. For patch guidance, please see VMware’s advisory, VMSA-2023-0012.2.



 

INDICATORS OF COMPROMISE (IoCs)

IP Addresses 

  • 185[.]225[.]74[.]16 
  • 193[.]187[.]172[.]27 
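One way to sweep existing logs for the two addresses above, as an added example that is not part of Avertium's notice. It assumes plain-text logs that carry IPv4 addresses somewhere on each line; the sample lines, their format and the `/example` path are constructed for illustration.

```python
import ipaddress
import re

# Defanged indicators exactly as listed in this notice.
DEFANGED_IOCS = ["185[.]225[.]74[.]16", "193[.]187[.]172[.]27"]

# Candidate IPv4 tokens. The lookarounds reject a match that is only part of a
# longer dotted number, so 185.225.74.160 is never reported as 185.225.74.16.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")


def refang(indicator):
    """Turn a defanged indicator such as 1[.]2[.]3[.]4 back into an address object."""
    cleaned = indicator.replace("[.]", ".").replace("[", "").replace("]", "")
    return ipaddress.ip_address(cleaned)


IOCS = {refang(i) for i in DEFANGED_IOCS}


def find_ioc_hits(lines):
    """Return (line_number, address, line) for every IoC address found in lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for token in IPV4_TOKEN.findall(line):
            try:
                address = ipaddress.ip_address(token)
            except ValueError:
                continue  # not a valid address, e.g. 999.1.1.1
            if address in IOCS:
                hits.append((number, str(address), line.rstrip()))
    return hits


# Constructed sample lines (hypothetical format, not real telemetry).
SAMPLE_LOG = [
    '185.225.74.16 - - [13/Jun/2023:09:14:02 +0000] "POST /example HTTP/1.1" 200 512',
    '185.225.74.160 - - [13/Jun/2023:09:15:40 +0000] "GET / HTTP/1.1" 200 1043',
    '10.0.0.5 - - [13/Jun/2023:09:16:11 +0000] "GET / HTTP/1.1" 200 1043 xff="193.187.172.27"',
    '10.0.0.7 - - [14/Jun/2023:11:02:55 +0000] "GET /health HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for number, address, line in find_ioc_hits(SAMPLE_LOG):
        print(f"line {number}: {address}: {line}")
```

A hit shows contact from a listed address, not successful exploitation, and a clean sweep does not replace patching.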

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Vulnerability Management 
  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 






 

SUPPORTING DOCUMENTATION

VMSA-2023-0012.2 (vmware.com) 

Pre-authenticated RCE in VMware vRealize Network Insight (summoning.team) 

VMware warns of critical vRealize flaw exploited in attacks (bleepingcomputer.com) 

Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks (thehackernews.com) 

Query Results | GreyNoise Visualizer 
