Updated description

patch-1
Prince Chaddha 2023-06-13 22:08:59 +05:30 committed by GitHub
parent 0fea720652
commit d84386101e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 4 deletions

View File

@ -5,9 +5,8 @@ info:
author: sinsinology author: sinsinology
severity: critical severity: critical
description: | description: |
VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are
a malicious actor can get remote code execution in the context of 'root' on the appliance. vulnerable.
VMWare 6.x version are vulnerable.
reference: reference:
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html - https://www.vmware.com/security/advisories/VMSA-2023-0012.html
- https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/ - https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
@ -48,4 +47,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200