VMware: Aria Operations for Networks Fixed Against Three Flaws
Overview
VMware, a virtualization and cloud computing software provider, has recently issued security updates for Aria Operations for Networks to address three vulnerabilities. These flaws can lead to information disclosure and remote code execution.
The Most Critical Vulnerability
The most severe of the three vulnerabilities fixed by VMware is a command injection vulnerability, tracked as CVE-2023-20887, with a CVSS score of 9.8. An attacker with network access can exploit this flaw to achieve remote code execution.
Additional Vulnerabilities
Apart from the critical flaw, VMware also resolved two additional vulnerabilities through security updates. One was CVE-2023-20889, rated 6.9 in CVSS, which existed in Aria Operations for Networks. It was caused by the absence of authorization when calling a privileged function, and it could lead to the disclosure of sensitive information.
The other flaw was CVE-2023-20888, rated 6.5 in CVSS. It was caused by a server URL validation issue in Aria Operations for Networks and could allow an unauthorized actor to access the end-user’s account, leading to potential account takeover.
Conclusion
Patching security vulnerabilities is an essential step in protecting network systems from cybercriminals. With VMware’s prompt action in mitigating these flaws in its Aria Operations for Networks software, users can rest assured that their systems will once again be safe from unauthorized access.
Original Article: https://thehackernews.com/2023/06/urgent-security-updates-cisco-and.html