If attackers successfully exploit a vulnerability in VMware’s Aria Operations for Logs, they could execute their own code with root privileges. This usually results in systems being completely compromised. Recently released exploit code is exacerbating the situation and attacks could be imminent. Security patches are available.
Advertisement
Security researchers at Horizon3 have a technical report on the vulnerability (CVE-2023-34051″high“) along with exploit code. Remote attackers should be able to attack the vulnerability without authentication. The attack is based on IP spoofing.
Security updates
The gap has been known since October 2023. Since then there have also been security updates that VMware in a warning message lists. It is not known at this point whether there have already been attacks.
(of)