VMware, in an advisory released on April 20, 2023, warned of a severe deserialization vulnerability affecting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8).
“An unauthenticated attacker with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root,” the virtualization service provider said.
VMware Aria Operations for Logs 8.12 fixes this vulnerability together with a high-severity command injection vulnerability (CVE-2023-20865, CVSS score: 7.2) that could allow an attacker with administrative privileges to execute arbitrary commands as root.
“CVE-2023-20864 is a critical issue and should be fixed immediately,” said the company. “It should be noted that only version 8.10.2 is affected by this vulnerability.”
The alert comes nearly three months after VMware fixed two critical issues in the same product (CVE-2022-31704 and CVE-2022-31706, CVSS scores: 9.8) that could lead to remote code execution.
With appliances from Cisco and VMware proving to be lucrative targets for bad actors, users are advised to move quickly to apply updates to mitigate potential threats.
In conclusion
With appliances from Cisco and VMware proving to be very attractive targets for threat actors, users are advised to move quickly in applying updates to mitigate potential threats.
In general, it is important for companies to adopt a holistic cybersecurity strategy, which includes implementing regular patches, using up-to-date security tools, and educating employees on the importance of cybersecurity to protect their data and their corporate infrastructure from cyber attacks.