VMware Discloses Active Exploitation of Critical Vulnerability in Aria Operations Networks

Threat actors are at it again. VMware has updated a previously issued security advisory to alert customers about the active exploitation of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20887. This vulnerability is located within VMware Aria Operations for Networks (formerly known as vRealize Network Insight). Read on to learn more about this critical vulnerability. 

Tell me about the critical vulnerability in VMware’s Aria Operations Networks

VMware Aria Operations for Networks is a widely used network analytics tool that helps administrators optimize network performance and manage VMware and Kubernetes deployments. 

What makes this vulnerability concerning is that threat actors can exploit the flaw using low-complexity attacks that do not require user interaction or authentication. This means successfully exploiting the vulnerability is a lot easier, and could enable a remote attacker to execute arbitrary commands on the underlying operating system as the root user. 

VMware first patched the security vulnerability on June 15. However, it’s important to note that workarounds are not available to mitigate this vulnerability, making immediate patching the only option. 

What is Nuspire doing to address the VMware critical vulnerability?

Nuspire’s threat hunting operations remain on high alert for any indications of the VMware vulnerability being exploited within client environments. Nuspire is not affected by this vulnerability. 

How should I mitigate the vulnerability in VMware’s Aria Operations Networks?

Due to the severity and active exploitation of this vulnerability, organizations are strongly advised to: 

  1. Apply the necessary patches to all VMware Aria Operations Networks 6.x on-premise installations immediately. We cannot emphasize enough how crucial this is, as there are no workarounds to mitigate this threat. Information can be found in the published advisory. 
  2. Continue to monitor for updates from VMware regarding this critical vulnerability and take action with any recommendations the company provides. 
  3. Visit VMware’s Customer Connect website to access a complete list of security patches for all vulnerable Aria Operations for Networks versions and obtain the appropriate patches. 

This situation highlights the critical importance of maintaining updated software to ensure the highest possible level of security against potential threats.  

Have you registered for our next event?