CVE-2023-20890Path Traversal in Vmware Aria Operations FOR Networks

CWE-22Path Traversal4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.8%
top 26.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Aria Operations FOR Networks
Timeline
PublishedAug 29

Description

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5vmware/aria_operations_for_networksAria Operations for Networks 6.x
NVDvmware/aria_operations6.2.06.11.0

🔴Vulnerability Details

2
GHSA
GHSA-6gvx-4fmf-52xf: Aria Operations for Networks contains an arbitrary file write vulnerability2023-08-29
CVEList
CVE-2023-20890: Aria Operations for Networks contains an arbitrary file write vulnerability2023-08-29

📋Vendor Advisories

1
VMware
VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)2023-08-29
CVE-2023-20890 — Path Traversal in Vmware | cvebase