CVE-2023-20887 — Vmware Aria Operations for Networks Command Injection Vulnerability

2023-06-22 • CISA Known Exploited Vulnerability

[event] VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	VMware
Product	Aria Operations for Networks
CWE	CWE-77
CVE ID	CVE-2023-20887
Date Added	2023-06-22
Due Date	2023-07-13
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-07-13

> REFERENCES

[1] https://www.vmware.com/security/advisories/VMSA-2023-0012.html
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-20887