CVE-2023-20887

Published Jun 7, 2023

Last updated 5 months ago

Exploit knownCVSS critical 9.8

Overview

Description
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Source
security@vmware.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Vmware Aria Operations for Networks Command Injection Vulnerability
Exploit added on
Jun 22, 2023
Exploit action due
Jul 13, 2023
Required action
Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov
CWE-77

Social media

Hype score
Not currently trending

Configurations

References