In order to address significant security flaws in the VMware Aria Operations for Logs (previously vRealize Log Insight) product line, VMware has urgently published updates. The company has also issued a warning about the possibility of pre-authentication remote root attacks. The VMware Aria Operations for Logs package contains two distinct vulnerabilities, CVE-2023-20864 and CVE-2023-20865, which are documented in a critical-level advisory from VMware. The warning also offers recommendations to help businesses avoid the problems.

“An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root,” the company said in its documentation of the CVE-2023-20864 vulnerability. The flaw carries a CVSS severity score of 9.8 out of 10.

With a CVSS rating of 7.2/10, the second vulnerability is classified as a command injection problem.

“A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root,” according to the advisory.

It is commonly known that VMware’s vRealize Logging product line has security issues. The corporation has verified the distribution of exploit code aimed at well-known software defects and corrected a number of high-severity issues in the past. The CISA KEV (Known Exploited Vulnerabilities) must-patch catalog lists the VMware vRealize software.

Source

https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/