Critical Vulnerabilities in VMware Aria Operations for Networks Spotted; Patch Issued

VMware released updates for vulnerabilities in Aria Operations for Networks and addressed the flaws in an advisory.

CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889, which allowed hackers to remotely run codes and steal system data, were offered security updates. The vulnerabilities in VMware Aria ranged between critical to high severity.

Vulnerabilities in VMware Aria Operations for Networks

CVE-2023-20887 had a CVSS score of 9.8 which made it a critical vulnerability. Hackers could achieve remote code execution by exploiting this flaw in unpatched software.

CVE-2023-20888 had a severity score of 9.1 and it was a deserialization vulnerability. Hackers with valid member role credentials and network access to VMware Aria Operations for Networks could perform a deserialization attack. This could be further leveraged to remote code execution.

CVE-2023-20889 had a CVSS score of 8.8 which made this also a high-severity bug. This bug allowed hackers to perform command injection attacks and steal sensitive data. The three vulnerabilities in VMware Aria Operations for Networks were offered patches.

Patches and updates for VMware vulnerabilities

“The three shortcomings, which impact VMware Aria Operations Networks version 6.x, have been remediated in the following versions: 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10. There are no workarounds that mitigate the issues,” the Hacker News report read.

To apply the patches, for the VMware Aria Operations vulnerabilities, the company’s customer connect page offered the following steps –

1. Open the patch page for the specific build number as mentioned on the company’s customer connect page. For instance, for build number – 1684162127, the webpage – https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VRNI-620&productId=1070&rPId=83873 should be opened. It has a patch file size of 770.94 MB. The patch is for Aria Operations for Networks version 6.2.0.
2. Download the updated patch file from the respective page.
3. Save the file on the local system.
4. Log in to vRealize Network Insight GUI as an Administrator. Users may use the default admin@local account.
5. Go to Settings.
6. Click on Install and Support.
7. Opt for Overview and Updates.
8. From Product, opt for the Click here option.
9. Click on Browse
10. Select the saved patch file
11. Click on Upload.

Users will see a message within 2-3 minutes that would read, “Aria Operations for Networks shows the Bundle Upload Complete.”

The bundle will process in the background. Users are urged to not change tabs or open any other window so the session for the patching of the vulnerabilities in VMware remains active.

In case the sessions get interrupted, the same steps for upload must be followed. The next steps after seeing the Bundle Available notification are as follows:

1. Opt for View details
2. On the Aria Operations screen, read the Before You Proceed details.
3. Click on Continue.
4. Click on Install Now to complete the final step of the update for the vulnerability in VMware.