VMware Patches Critical Vulnerability in vRealize Network Analytics Tool

June 7, 2023

VMware has issued multiple security patches to address critical and high-severity vulnerabilities in its network visibility and analytics tool, VMware Aria Operations for Networks, formerly known as vRealize Network Insight (vRNI). This tool assists administrators in optimizing network performance and managing and scaling various VMware and Kubernetes deployments. The most critical of the three security bugs fixed is a command injection vulnerability, CVE-2023-20887, which unauthenticated threat actors can exploit in low-complexity attacks that do not require user interaction. "A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution," VMware states.

VMware also patched a second vulnerability that could lead to remote code execution on unpatched Aria Operations appliances. This vulnerability, tracked as CVE-2023-20888, is caused by an authenticated deserialization weakness and requires network access to the vulnerable appliance and valid 'member' role credentials for a successful deserialization attack leading to remote code execution.

The third flaw, an information disclosure vulnerability tracked as CVE-2023-20889, enables malicious actors to access sensitive information following a successful command injection attack. VMware says there are no workarounds available to remove the attack vector, so administrators must patch all VMware Aria Operations Networks 6.x on-prem installations to secure them against attacks.

The complete list of security patches released to address these flaws for all vulnerable Aria Operations for Networks versions can be found on VMware's Customer Connect website. The company has also shared detailed steps on the procedure required to apply the patch bundles on the same page. This process requires downloading the update patch file, uploading it while logged in as the Administrator user in the vRNI GUI, and installing it from Settings > Install and Support > Overview and Updates.

In April, VMware addressed a critical bug that allowed attackers to run code as root in the vRealize Log Insight log analysis tool. Months earlier, Horizon3's Attack Team released proof-of-concept exploit code for another series of critical security flaws in the same VMware product patched one week earlier.

Latest News

• Major Companies Affected by MOVEit Zero-Day Attack
• Google Addresses Third Chrome Zero-Day Exploit in 2023
• KeePass v2.54 Update Addresses Master Password Leakage Bug
• Clop Ransomware Gang Linked to MOVEit Data-Theft Attacks by Microsoft
• Zyxel Encourages Firmware Updates to Protect Firewalls from Exploited Vulnerabilities