VMWare vCenter Server and Aria Operations Critical Vulnerabilities

Date of Notice: 10/25/2023

Action Level - Critical

Description

VMWare has released security updates for multiple versions of vCenter Server to fix a critical vulnerability. If impacted, this vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. Due to the critical nature of this vulnerability, VMWare recommends immediate investigation of servers running vCenter and Aria Operations and patching of impacted systems.

In addition, Important updates have been released addressing vulnerabilities in Aria Operations for Logs that could allow authentication bypass. If chained, this could ultimately allow an unauthenticated attacker to obtain control of a vulnerable system with local or network access, making this a high priority to patch as well. 

Affected Versions

Attack Vector

An unauthenticated attacker with network or local access to the device running an affected version listed above.

Attack Feasibility 

As of this writing, there are no confirmed attack reports using these vulnerabilities, though they may be more likely as a result of the vulnerability disclosures.

Mitigation

Removing VMWare servers’ exposure to the Internet is highly recommended if not completely necessary, though this does not remove the possibility of exploit as an attacker may be able to exploit via access to the local network, whether legitimate or through another exploit.

Remediation

Update vCenter and Aria Operations to a current supported version listed in the vendor documentation.

Vendor Resources

vCenter Vulnerability Security Advisory (VMSA-2023-0023)

VMSA-2023-0023 Supplemental FAQ

Aria Operations for Logs Security Advisory (VMSA-2023-0021)

<-- Return to Cybersecurity Alerts...