Name of the Vulnerable Software and Affected Versions
VMware Aria Operations (affected versions not specified)
Description
VMware Aria Operations contains a command injection vulnerability that allows a malicious unauthenticated actor to execute arbitrary commands, potentially leading to remote code execution during support-assisted product migration. This vulnerability is actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The vulnerability has a CVSS score of 8.1 (High severity). Exploitation can compromise entire virtual infrastructures, including credentials and network topology.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Command Injection
OS Command Injection