Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-20887
• https://www.vmware.com/security/advisories/VMSA-2023-0012.html
• http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20887