Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Proof-of-concept exploit available for an authentication bypass vulnerability in VMware Aria Operations for Logs!
Image
Published : 25/10/2023
Reference:
Advisory #2023-128
Version:
1.0
Affected software:
VMware Aria Operations for Logs
Type:
RCE (Remote Code Execution)
CVE/CVSS:
CVE-2023-34051: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Sources
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
Risks
CVE-2023-34051 is a high-severity vulnerability, with a CVSS score of 8.1. The vulnerability circumvents the patch for VMSA-2023-0001 in VMware Aria Operations for Logs (formerly known as VMware vRealize Log Insight).
The exploitation of the vulnerability could have severe consequences, with high impact to confidentiality, integrity and availability of the targeted systems. At the moment the vulnerability was not observed as being exploited by threat actors, but it is likely to be exploited by threat actors, as the PoC is now available.
Description
The high severity of the vulnerability is due to the fact that it allows an unauthenticated, malicious actor to inject files into the operating system of an impacted appliance which can result in remote code execution. The attacker could then execute commands as root on the system affecting the combination of confidentiality, integrity, and availability.
A Proof-of-concept exploit for the vulnerability has been published.
Recommended Actions
The Centre for Cybersecurity Belgium strongly recommends system administrators to apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' available at:
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
References
NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-34051
VMware: