VMware warns of exploit available for critical vRealize RCE bug

From bleepingcomputer.com

VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes' worth of app and infrastructure logs in large-scale environments.

The flaw (CVE-2023-20864) is a deserialization weakness patched in April, and it allows unauthenticated attackers to gain remote code execution on unpatched appliances.

Successful exploitation enables threat actors to run arbitrary code as root following low-complexity attacks that don’t require user interaction.

“VMware has confirmed that exploit code for CVE-2023-20864 has been published,” the company noted in an update to the initial security advisory.

“CVE-2023-20864 is a critical issue and should be patched immediately as per the instructions in the advisory.”

In April, VMware also issued security updates to address a less severe command injection vulnerability (CVE-2023-20865) that would let remote attackers with administrative privileges execute arbitrary commands as root on vulnerable appliances.

Both flaws have been fixed with the release of VMware Aria Operations for Logs 8.12. Fortunately, there is currently no evidence to suggest exploitation in attacks.
