November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – RedLine Stealer – Active IOCs
May 15, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
May 15, 2023Rewterz Threat Alert – RedLine Stealer – Active IOCs
May 15, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
May 15, 2023
Severity
High
Analysis Summary
CVE-2023-20879 CVSS:6.7
VMware Aria Operations could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unspecified flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain root access to the underlying operating system.
CVE-2023-20880 CVSS:6.4
VMware Aria Operations could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unspecified flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-20879
- CVE-2023-20880
Affected Vendors
VMware
Affected Products
- VMware Cloud Foundation 4.0
- VMware Aria Operations 8.6
- VMware Aria Operations 8.10
- VMware Aria Operations 8.12
Remediation
Refer to VMSA-2023-0009 for patch, upgrade or suggested workaround information.