Updated description
parent
0fea720652
commit
d84386101e
|
@ -5,9 +5,8 @@ info:
|
||||||
author: sinsinology
|
author: sinsinology
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
|
VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are
|
||||||
a malicious actor can get remote code execution in the context of 'root' on the appliance.
|
vulnerable.
|
||||||
VMWare 6.x version are vulnerable.
|
|
||||||
reference:
|
reference:
|
||||||
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html
|
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html
|
||||||
- https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
|
- https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
|
||||||
|
@ -48,4 +47,4 @@ http:
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
Loading…
Reference in New Issue