CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), is being exploited in the wild.
There are no workarounds to mitigate the risk of exploitation – enterprise admins are advised to upgrade their deployments with patches.
CVE-2023-20887 is one of three vulnerabilities recently discovered by Sina Kheirkhah of Summoning Team and an anonymous researcher and privately reported to VMware.
“A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution,” the company confirmed.
“We have observed attempted mass-scanning activity utilizing the Proof-Of-Concept code mentioned above in an attempt to launch a reverse shell which connects back to an attacker controlled server in order to receive further commands,” GreyNoise research analyst Jacob Fisher noted.
CVE-2023-20887, CVE-2023-20888 (an authenticated deserialization vulnerability) and CVE-2023-20889 (an information disclosure vulnerability) affect versions 6.x of the solution. Patches are available for each affected version.