CVE-2023-20887

2023-06-0715:15:09

CWE-77

vmware

web.nvd.nist.gov

428

In Wild

aria operations

networks

cve-2023-20887

command injection

vulnerability

nvd

vmware aria operations

remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.971

Percentile

99.8%

JSON

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

Affected configurations

Nvd

Node

vmwarearia_operations_for_networksRange6.2.0–6.10.0

VendorProductVersionCPE
vmwarearia_operations_for_networks*cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	aria_operations_for_networks	*	cpe:2.3:a:vmware:aria_operations_for_networks::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aria Operations for Networks (Formerly vRealize Network Insight)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aria Operations for Networks (Formerly vRealize Network Insight) 6.x"
      }
    ]
  }
]