CVE-2023-20887
Basic Information
- CVE State: PUBLISHED
- Reserved Date: November 01, 2022
- Published Date: June 07, 2023
- Last Updated: February 13, 2025
- Vendor: n/a
- Product: Aria Operations for Networks (Formerly vRealize Network Insight)
- Description: Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2023-06-22 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vrni_rce_cve_2023_20887.rb | 2025-04-29 11:01:16 UTC |
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-20887.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
vmware_vrni_rce_cve_2023_20887
Type: metasploit • Created: Unknown
Metasploit module for CVE-2023-20887
Malwareman007/CVE-2023-20887
Type: github • Created: 2023-09-25 00:41:45 UTC • Stars: 8
VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)
miko550/CVE-2023-20887
Type: github • Created: 2023-06-14 06:50:00 UTC • Stars: 6
VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)
sinsinology/CVE-2023-20887
Type: github • Created: 2023-06-13 13:17:23 UTC • Stars: 232
VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)