CVE-2023-20887
Vmware Aria Operations for Networks Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
98.3%
p100
KEV
YES
Jun 22, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
VMware / Aria Operations for Networks
Vulnerability
Vmware Aria Operations for Networks Command Injection Vulnerability
Added to KEV
Jun 22, 2023
Remediate by
Jul 13, 2023
Known ransomware use
No
Summary description
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://www.vmware.com/security/advisories/VMSA-2023-0012.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20887
No related CVEs by CWE or product.