Rewterz Threat Update – New Cactus Ransomware Exploits VPN Flaws to Infiltrate Networks
May 12, 2023Rewterz Threat Advisory – CVE-2023-29246 – Apache OpenMeetings Vulnerability
May 14, 2023Rewterz Threat Update – New Cactus Ransomware Exploits VPN Flaws to Infiltrate Networks
May 12, 2023Rewterz Threat Advisory – CVE-2023-29246 – Apache OpenMeetings Vulnerability
May 14, 2023Severity
Medium
Analysis Summary
CVE-2023-20878
VMware Aria Operations could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an unsafe deserialization flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-20878
Affected Vendors
VMware
Affected Products
- VMware Cloud Foundation 4.0
- VMware Aria Operations 8.6
- VMware Aria Operations 8.12
- VMware Aria Operations 8.10
Remediation
Refer to VMSA-2023-0009 for patch, upgrade or suggested workaround information.