Aria Operations For Networks
CVE-2023-20887
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
AnalysisAI
Aria Operations for Networks contains a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. Affected products include: Vmware Aria Operations For Networks.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Aria Operations For Networks
View allAria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key g
Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this v
Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this v
Aria Operations for Networks contains an arbitrary file write vulnerability. Rated high severity (CVSS 7.2), this vulner
Aria Operations for Networks contains a local file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerabil
Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulne
Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulne
Same weakness CWE-77 – Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today