CVE-2023-20890

Summary

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

Affected Software

VendorProductVersion RangeStatus
n/aAria Operations for NetworksAria Operations for Networks 6.xaffected

Weaknesses

  • Arbitrary File Write Vulnerability

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References