PT-2023-6318 · Vmware · Vmware Aria Operations For Logs
James Horseman
·
Publicado
2023-10-19
·
Atualizado
2026-03-08
·
CVE-2023-34051
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VMware Aria Operations for Logs (affected versions not specified)
Description
The issue is related to an authentication bypass vulnerability in VMware Aria Operations for Logs. This vulnerability can be exploited by an unauthenticated, malicious actor to inject files into the operating system of an impacted appliance, resulting in remote code execution. It is estimated that around 139 devices are affected, mainly distributed in Singapore, South Africa, and other countries. A proof-of-concept exploit for this vulnerability has been released, and VMware has warned customers about its existence.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Improper Authentication
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Vmware Aria Operations For Logs