Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.2282
VMware Aria Operations for Logs (Operations for Logs) update
addresses multiple vulnerabilities
21 April 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VMware Aria Operations for Logs
Publisher: VMware
Operating System: VMware ESX Server
Virtualisation
Resolution: Patch/Upgrade
CVE Names: CVE-2023-20865 CVE-2023-20864
Original Bulletin:
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
Comment: CVSS (Max): 9.8 CVE-2023-20864 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: VMware
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Critical
Advisory ID: VMSA-2023-0007
CVSSv3 Range: 7.2-9.8
Issue Date: 2023-04-20
Updated On: 2023-04-20 (Initial Advisory)
CVE(s): CVE-2023-20864, CVE-2023-20865
Synopsis: VMware Aria Operations for Logs (Operations for Logs) update
addresses multiple vulnerabilities. (CVE-20864, CVE-20865)
1. Impacted Products
VMware Aria Operations for Logs (formerly vRealize Log Insight)
2. Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately
reported to VMware. Updates and workarounds are available to address these
vulnerabilities in affected VMware products.
3a. VMware Aria Operations for Logs Deserialization Vulnerability
(CVE-2023-20864)
Description
VMware Aria Operations for Logs contains a deserialization
vulnerability. VMware has evaluated the severity of this issue to be in the
Critical severity range with a maximum CVSSv3 base score of 9.8 .
Known Attack Vectors
An unauthenticated, malicious actor with network access to VMware Aria
Operations for Logs may be able to execute arbitrary code as root.
Resolution
To remediate CVE-2023-20864 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Anonymous working with Trend Micro Zero Day
Initiative for reporting this issue to us.
3b. VMware Aria Operations for Logs Command Injection Vulnerability
(CVE-2023-20865)
Description
VMware Aria Operations for Logs contains a command injection
vulnerability. VMware has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 7.2 .
Known Attack Vectors
A malicious actor with administrative privileges in VMware Aria Operations for
Logs can execute arbitrary commands as root.
Resolution
To remediate CVE-2023-20865 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below.
Workarounds
None.
Additional Information
None.
Notes
None.
Acknowledgements
VMware would like to thank Y4er & MoonBack of ???? for reporting
this vulnerability to us.
Response Matrix
Product Version Running CVE Identifier CVSSv3 Severity Fixed Workarounds Additional
On Version Documentation
VMware Aria
Operations CVE-2023-20864,
for Logs 8.12 Any CVE-2023-20865 N/A N/A Unaffected None KB91831
(Operations
for Logs)
VMware Aria
Operations CVE-2023-20864, 9.8,
for Logs 8.10.2 Any CVE-2023-20865 7.2 critical 8.12 None KB91831
(Operations
for Logs)
VMware Aria
Operations
for Logs 8.10 Any CVE-2023-20864 N/A N/A Unaffected None KB91831
(Operations
for Logs)
VMware Aria
Operations
for Logs 8.10 Any CVE-2023-20865 7.2 important 8.12 None KB91831
(Operations
for Logs)
VMware Aria
Operations
for Logs 8.8.x Any CVE-2023-20864 N/A N/A Unaffected None KB91831
(Operations
for Logs)
VMware Aria
Operations
for Logs 8.8.x Any CVE-2023-20865 7.2 important 8.12 None KB91831
(Operations
for Logs)
VMware Aria
Operations
for Logs 8.6.x Any CVE-2023-20864 N/A N/A Unaffected None KB91831
(Operations
for Logs)
VMware Aria
Operations
for Logs 8.6.x Any CVE-2023-20865 7.2 important 8.12 None KB91831
(Operations
for Logs)
VMware
Cloud
Foundation CVE-2023-20864, 9.8,
(VMware 4.x Any CVE-2023-20865 7.2 critical KB91865 KB91865 KB91831
Aria
Operations
for Logs)
4. References
Fixed Version(s) and Release Notes:
VMware Aria Operations for Logs (Operations for Logs) 8.12 Release Notes
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/info/slug/
infrastructure_operations_management/vmware_aria_operations_for_logs/8_12
https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/
vmware-aria-operations-for-logs-812-release-notes/index.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20865
FIRST CVSSv3 Calculator:
CVE-2023-20864: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/
PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-20865: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/
PR:H/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2023-04-20 VMSA-2023-0007
Initial security advisory.
6. Contact
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZEHt28kNZI30y1K9AQidyxAAjaj/3fdp+fM+p+nIGRpWwzljIQObXWxL
9YHqvd2DJwaBT47YRjciyACKiG6XePRAUpsu5CEV3RniX4T2zIo/fgxNzcXcmDKc
TkPyj/nj97nHPGa3jnbLR5Urf9L72l3SfkxKXgz84jKzX8/cyqU2WAskCoNjXsGP
GNNBBPaaL1RBfLyxz4RLWgopiIoQlHz3Vsi802x2/ga/epqrmt2mliq+Q7Mdy/CY
Gqlm4Y76P0f9VRHyueYoS2kAMNzws1tNTDU606vrplEjkr3DGtAZgrplQXNsUtc3
i42JBStXz+D5yZzkhdV+VO12Lw0HVP6sctesHihwx2TpLIKK70mTTrXn3+uoMiXx
mMfXsyIYkl2t83zOICjDGeM4X98WubBv5NKyRYd0gcq4G+jyslKF8TVRHeVj8qAk
s5GqSb0xcmQs8Zk5bQmKGbnIyD66slOyk2UBJgSFVIIzfjrdWY/1getfLQDtp+Oi
JPPVSYrs81PBybo/5m0b7hJJqoGWDNiZ/dgRsmjoOwYnR2YAi06h10YguZizMAz+
dKwZm/YTBAHIH2LHwhdt1wrDGByxmh/ywDTZlQnr47dg/h8fe8U+GKPi/DErLxxH
ou3v1tlPrt4EMPFGEwBBIFL+NDi0/mAa5sBjC3p178bVMmXreQRMxlWKHDnnUlIs
EhpR4ZjeO+A=
=lXL5
-----END PGP SIGNATURE-----