VMware has warned that hackers are actively exploiting a critical vulnerability, CVE-2023-20887, in its Aria Operations for Networks software. The vulnerability allows for command injection attacks, potentially leading to remote code execution. The company had recently released urgent patches to address security defects in the software. Alongside this vulnerability, VMware also disclosed two other critical-severity vulnerabilities that expose businesses to remote code execution and information disclosure attacks. Aria Operations for Networks, previously known as vRealize Network Insight, is used by enterprises for network monitoring and analysis to establish secure network infrastructure across cloud environments.
Read more: https://www.securityweek.com/vmware-confirms-live-exploits-hitting-just-patched-security-flaw/