Arbitrary File Write Vulnerability in VMware Aria Operations for Networks
CVE-2023-20890

7.2HIGH

Key Information:

Vendor: Vmware
Status: Aria Operations For Networks
Vendor: CVE Published:; 29 August 2023

Summary

VMware Aria Operations for Networks has a vulnerability that enables an authenticated attacker with administrative privileges to write files to any location on the system. This flaw can lead to unauthorized remote code execution, posing significant security risks. Proper measures are advised to mitigate exposure and protect against potential exploitation.

Affected Version(s)

Aria Operations for Networks Aria Operations for Networks 6.x

References

https://www.vmware.com/security/advisories/VMSA-2023-0018...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Nov 1, 2022