Summary:
VMware recently patched a critical vulnerability that could enable remote actors to gain remote execution on vulnerable appliances. Tracked as CVE-2023-20864, the flaw impacts VMware Aria Operations for Logs, a log analysis tool that is used to manage terabytes worth of application and infrastructure logs in large-scale environments. According to VMware, the vulnerability can be exploited in low-complexity attacks as it does not require user interaction. Furthermore, successful exploitation of CVE-2023-20864, could allow threat actor with network access to VMware Aria Operations for Logs to execute arbitrary code as root.

Analyst comments:
VMware did not disclose whether CVE-2023-20864 was exploited in attacks in the wild. Given the severity of organizations should secure their appliances as soon as possible.

In addition to CVE-2023-20864, the vendor also patched another vulnerability, rated high in severity. Tracked as CVE-2023-20865, the is related to a command injection bug that also impacts VMware Aria Operations for Logs. Similar to CVE-2023-20864, successful exploitation of this flaw could allow a malicious actor with administrative privileges in VMware Aria Operations for Logs to execute arbitrary commands as root.

Mitigation:
CVE-2023-20864 impacts version VMware Aria Operations for Logs 8.10.2 while CVE-2023-20865 impacts other versions. Both flaws have been addressed in VMware Aria Operations for Logs 8.12.

Source:
https://www.bleepingcomputer.com/ne...lize-bug-that-let-attackers-run-code-as-root/ https://kb.vmware.com/s/article/91831