VMware has announced that a critical command injection vulnerability, designated as CVE-2023-20887, in Aria Operations for Networks (formerly known as vRealize Network Insight), is currently being exploited in the wild. This breach allows attackers with network access to perform command injection attacks, potentially leading to remote code execution.
The vulnerability affects VMware Aria Operations Networks versions 6.x. The company released patches in versions 6.2 through 6.10 on June 7, 2023. However, a recent update from VMware on June 20, 2023, confirmed that this flaw has been weaponized in active attacks, although specific details on these incidents remain sparse.
Data compiled by threat intelligence firm GreyNoise indicates that the exploitation of this vulnerability has been traced to two separate IP addresses in the Netherlands, beginning on June 13, 2023. This activity coincides with the release of a proof-of-concept (PoC) exploit by researcher Sina Kheirkhah, who first reported on the issue.
Kheirkhah elucidated that the vulnerability consists of a chain of two distinct issues that enable unauthenticated attackers to achieve remote code execution. VMware has officially confirmed the active exploitation of CVE-2023-20887, heightening the urgency for organizations to implement the necessary updates.
The swift exploitation of newly disclosed vulnerabilities is a growing concern across the cybersecurity landscape. State-sponsored actors and financially motivated attackers alike are quick to capitalize on such gaps, posing significant risks to global organizations. This incident also follows a separate report by Mandiant, revealing another flaw in VMware Tools (CVE-2023-20867) actively exploited by a suspected Chinese group, further underscoring the pressing nature of these security threats.
Business owners utilizing Aria Operations for Networks are strongly advised to upgrade to the latest versions as a precautionary measure against impending risks associated with this vulnerability. The MITRE ATT&CK framework identifies likely tactics relevant here, which include initial access and potential privilege escalation techniques employed during these attacks, serving as a critical reminder of the methods adversaries may leverage in exploiting vulnerabilities.
In summary, the risks associated with unpatched vulnerabilities like CVE-2023-20887 necessitate immediate action from affected entities. Continuous vigilance, timely updates, and a robust understanding of attack methodologies remain essential to safeguarding against potential breaches.
