CVE-2023-20890
published 2023-08-29CVE-2023-20890: Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria…
PriorityP259high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
21.64%
97.3th percentile
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | aria_operations_for_networks | — | — |
| vmware | aria_operations_for_networks | >= 6.2.0 < 6.11.0 | 6.11.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-20890 is an arbitrary file write vulnerability in VMware Aria Operations for Networks requiring authenticated administrative access, leading to remote code execution via writing files to arbitrary locations. Monitor for unexpected file creation in sensitive OS paths by the Aria Operations for Networks service account/process. ↗
- →CVE-2023-34039 (co-disclosed in VMSA-2023-0018) is an authentication bypass due to lack of unique cryptographic key generation (CVSSv3 9.8). Exploitation of CVE-2023-34039 may precede exploitation of CVE-2023-20890, enabling an unauthenticated attacker to chain both vulnerabilities for unauthenticated RCE. Monitor for unexpected administrative sessions or API calls on Aria Operations for Networks. ↗
- ·CVE-2023-20890 requires authenticated administrative access to exploit; however, it may be chained with the co-disclosed authentication bypass CVE-2023-34039 (CVSSv3 9.8) to achieve unauthenticated RCE. Both CVEs are addressed together in VMSA-2023-0018. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6gvx-4fmf-52xf: Aria Operations for Networks contains an arbitrary file write vulnerability
ghsa_unreviewed·2023-08-29
CVE-2023-20890 [HIGH] CWE-22 GHSA-6gvx-4fmf-52xf: Aria Operations for Networks contains an arbitrary file write vulnerability
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
VMware
VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
vendor_vmware·2023-08-29·CVSS 7.2
CVE-2023-20890 [HIGH] VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
VMSA-2023-0018: VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.
CVEs: CVE-2023-20890, CVE-2023-34039
Affected products: VMware Aria
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-08-29
Published