Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-20887 | Vmware Aria Operations for Networks Command Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited by a remote, unauthenticated actor to gain remote code execution via a command injection attack. This vulnerability has been exploited in the wild; however, technical details have not been publicly shared.
References
|
| CVE-2023-20887 | Vmware Aria Operations for Networks Command Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited by a remote, unauthenticated actor to gain remote code execution via a command injection attack. This vulnerability has been exploited in the wild; however, technical details have not been publicly shared.
References
|