cbcvebase.
CVE-2023-20890
published 2023-08-29

CVE-2023-20890: Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria…

PriorityP259high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
21.64%
97.3th percentile
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

Affected

2 ranges
VendorProductVersion rangeFixed in
vmwarearia_operations_for_networks
vmwarearia_operations_for_networks>= 6.2.0 < 6.11.06.11.0

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2023-20890 is an arbitrary file write vulnerability in VMware Aria Operations for Networks requiring authenticated administrative access, leading to remote code execution via writing files to arbitrary locations. Monitor for unexpected file creation in sensitive OS paths by the Aria Operations for Networks service account/process.
  • CVE-2023-34039 (co-disclosed in VMSA-2023-0018) is an authentication bypass due to lack of unique cryptographic key generation (CVSSv3 9.8). Exploitation of CVE-2023-34039 may precede exploitation of CVE-2023-20890, enabling an unauthenticated attacker to chain both vulnerabilities for unauthenticated RCE. Monitor for unexpected administrative sessions or API calls on Aria Operations for Networks.
  • ·CVE-2023-20890 requires authenticated administrative access to exploit; however, it may be chained with the co-disclosed authentication bypass CVE-2023-34039 (CVSSv3 9.8) to achieve unauthenticated RCE. Both CVEs are addressed together in VMSA-2023-0018.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.