PT-2023-6318 · VMware · VMware Aria Operations for Logs
James Horseman · Published 2023-10-19 · Updated 2026-03-08 · CVE-2023-34051
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Aria Operations for Logs (affected versions not specified)
Description
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can exploit it to inject files into the operating system of an impacted appliance, resulting in remote code execution. It is estimated that around 139 devices are affected, mainly distributed in Singapore, South Africa, and other countries. A proof-of-concept exploit for this vulnerability has been released, and VMware has warned customers about its existence.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Improper Authentication
Incorrect Authorization
Related Identifiers
Affected Products
VMware Aria Operations for Logs