VMware Fixes Critical Vulnerabilities in vRealize Network Analytics Tool

Cyber Security Threat Summary:
Yesterday, VMware addressed several critical and high-severity vulnerabilities impacting VMware Aria Operations for Networks. “Previously known as vRealize Network Insight (vRNI), this network visibility and analytics tool helps admins optimize network performance or manage and scale various VMware and Kubernetes deployments” (Bleeping Computer, 2023). Tracked as CVE-2023-20887, CVE-2023-20888 and CVE-2023-20889, the flaws are, respectively, a command injection, an authenticated deserialization, and an information disclosure. Of the three, CVE-2023-20887 is the most severe, with a CVSS score of 9.8 out of 10. A threat actor with network access to the appliance could exploit it to perform a command injection attack resulting in remote code execution. The flaw can be exploited in low-complexity attacks, as neither authentication nor user interaction is required.

Security Officer Comments:
CVE-2023-20887, CVE-2023-20888 and CVE-2023-20889 impact Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10. Each affected version has received its own patch bundle, which can be downloaded from the VMware knowledge base article linked below:

https://kb.vmware.com/s/article/92684

As of writing, VMware has not disclosed whether the flaws have been exploited in the wild, and no proof-of-concept (PoC) has been released for any of the bugs. Given the public disclosure, it likely won’t be long before threat actors begin targeting vulnerable systems.

Suggested Correction(s):
Since no workarounds were issued for these flaws, administrators should patch all on-prem VMware Aria Operations for Networks 6.x installations to prevent potential attacks.

On VMware's Customer Connect website, the company has shared detailed steps for applying the patch bundles: download the patch file for your installed version, log in to the vRNI GUI as the Administrator user, upload the file, and install it from Settings > Install and Support > Overview and Updates.

Source: https://www.bleepingcomputer.com/n