uTalk

Official forum for Utopia Community


#1 2023-06-21 23:25:25

thrive
Member
Registered: 2023-01-04
Posts: 2,018

Alert! Hackers are taking advantage of VMware's Aria Operation Network

Aria Operations for Networks (previously vRealize Network Insight), which recently received a critical patch for the vulnerability, has been actively exploited in the wild, according to VMware.

The vulnerability, identified as CVE-2023-20887, could enable remote code execution if a malicious actor with access to the product's network conducted a command injection attack.

Version 6.x of VMware Aria Operations Networks is affected. It was fixed in versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10 on June 7th, 2023.

The vulnerability has reportedly now been weaponized in real-world attacks, according to an update shared by the virtualization services provider on June 20; however, the specifics are still unknown.

According to the business, "VMware has confirmed that CVE-2023-20887 has been exploited in the wild."

According to information gathered by the threat intelligence company GreyNoise, two different IP addresses in the Netherlands are actively exploiting the vulnerability.



This change occurred after researcher Sina Kheirkhah of the Summoning Team, who found and reported the flaws, published a proof-of-concept (PoC) exploit for the vulnerability.

Kheirkhah stated that "this vulnerability comprises a chain of two issues leading to remote code execution (RCE) that can be exploited by unauthenticated attackers."

If anything, a major threat to organizations all over the world still comes from the speed with which either state actors or financially motivated groups take newly discovered vulnerabilities and use them to their advantage.

The disclosure also comes in response to a Mandiant report that discovered active use of another vulnerability in VMware Tools (CVE-2023-20867) by a fictitious Chinese actor known as UNC3886 to backdoor Windows and Linux hosts.

It is advised that users of Aria Operations for Networks update as soon as possible to the newest version to reduce any risks.
