Aria Operations For Networks
CVE-2023-20890
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
AnalysisAI
Aria Operations for Networks contains an arbitrary file write vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. Affected products include: Vmware Aria Operations For Networks.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Aria Operations For Networks
View allAria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key g
Aria Operations for Networks contains a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulner
Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this v
Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this v
Aria Operations for Networks contains a local file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerabil
Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulne
Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulne
Same weakness CWE-22 – Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today