VMware Warns of Exploit Available for Critical vRealize RCE Bug

Cyber Security Threat Summary:
“VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes worth of app and infrastructure logs in large-scale environments. The flaw (CVE-2023-20864) is a deserialization weakness patched in April, and it allows unauthenticated attackers to gain remote execution on unpatched appliances” (Bleeping Computer, 2023).
Exploitation of the vulnerability could allow adversaries to run arbitrary code as root. To make matters worse, exploitation is low-complexity and does not require any user interaction. "VMware has confirmed that exploit code for CVE-2023-20864 has been published," the company noted in an update to the initial security advisory. "CVE-2023-20864 is a critical issue and should be patched immediately as per the instructions in the advisory."
Security Officer Comments:
CVE-2023-20864 joins a recent list of critical vulnerabilities in VMware products. In April, VMware also fixed a command injection vulnerability tracked as CVE-2023-20865, which allows a remote attacker with admin privileges to execute arbitrary commands as root on vulnerable appliances. Recently, VMware issued another alert about a now-patched critical bug (CVE-2023-20887) in VMware Aria Operations for Networks (formerly vRealize Network Insight), which allows remote command execution as the root user and is being actively exploited in attacks. CISA also added the flaw to its list of known exploited vulnerabilities and ordered U.S. federal agencies to apply security updates by July 13th.
Suggested Correction(s):
Administrators are advised to patch CVE-2023-20864 quickly, as threat actors will look to exploit the proof-of-concept code published online. Researchers note that the number of online-exposed VMware vRealize instances is relatively low, which aligns with the intended design of these appliances: they primarily focus on internal network access within organizations.
Link(s):
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
https://www.bleepingcomputer.com/