VMware, a virtualization technology giant, is facing significant security issues in its enterprise-facing log analysis product. The company released urgent patches on Thursday to address critical security flaws in the VMware Aria Operations for Logs (previously known as vRealize Log Insight) product line. The company has warned businesses about the risk of pre-authentication remote root exploits.
A critical-level advisory from VMware details two separate vulnerabilities — CVE-2023-20864 and CVE-2023-20865 — in the VMware Aria Operations for Logs suite. The advisory also provides guidance to help organizations mitigate these issues. The CVE-2023-20864 vulnerability allows an unauthenticated, malicious actor with network access to VMware Aria Operations for Logs to execute arbitrary code as root. This flaw has a CVSS severity score of 9.8 out of 10.
The second vulnerability, CVE-2023-20865, is a command injection issue with a CVSS score of 7.2 out of 10. The advisory states, “A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.”
VMware's security issues with the vRealize Logging product line are well documented: the company has patched several high-severity issues in the past and confirmed the release of exploit code targeting known software bugs. The VMware vRealize product has been featured in the CISA KEV (Known Exploited Vulnerabilities) must-patch catalog.
VMware has previously patched VM escape flaws exploited at the Geekpwn event and confirmed the release of exploit code for critical vRealize Logging flaws. The company has also addressed high-severity vulnerabilities in the vRealize Operations product line. As organizations continue to face cybersecurity challenges, it is crucial to stay informed and apply necessary patches to protect against potential threats.