===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.2282
 VMware Aria Operations for Logs (Operations for Logs) update addresses
                         multiple vulnerabilities
                               21 April 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Aria Operations for Logs
Publisher:         VMware
Operating System:  VMware ESX Server
                   Virtualisation
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-20865 CVE-2023-20864

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Comment: CVSS (Max):  9.8 CVE-2023-20864 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: VMware
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

Critical

Advisory ID:   VMSA-2023-0007
CVSSv3 Range:  7.2-9.8
Issue Date:    2023-04-20
Updated On:    2023-04-20 (Initial Advisory)
CVE(s):        CVE-2023-20864, CVE-2023-20865
Synopsis:      VMware Aria Operations for Logs (Operations for Logs) update
               addresses multiple vulnerabilities. (CVE-20864, CVE-20865)

1. Impacted Products

VMware Aria Operations for Logs (formerly vRealize Log Insight)

2. Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs were privately
reported to VMware. Updates and workarounds are available to address these
vulnerabilities in affected VMware products.

3a. VMware Aria Operations for Logs Deserialization Vulnerability
(CVE-2023-20864)

Description

VMware Aria Operations for Logs contains a deserialization vulnerability.
VMware has evaluated the severity of this issue to be in the Critical
severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

An unauthenticated, malicious actor with network access to VMware Aria
Operations for Logs may be able to execute arbitrary code as root.

Resolution

To remediate CVE-2023-20864 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Anonymous working with Trend Micro Zero Day
Initiative for reporting this issue to us.

3b. VMware Aria Operations for Logs Command Injection Vulnerability
(CVE-2023-20865)

Description

VMware Aria Operations for Logs contains a command injection vulnerability.
VMware has evaluated the severity of this issue to be in the Important
severity range with a maximum CVSSv3 base score of 7.2.

Known Attack Vectors

A malicious actor with administrative privileges in VMware Aria Operations
for Logs can execute arbitrary commands as root.

Resolution

To remediate CVE-2023-20865 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below.

Workarounds

None.

Additional Information

None.

Notes

None.

Acknowledgements

VMware would like to thank Y4er & MoonBack of ???? for reporting this
vulnerability to us.

Response Matrix

Product                  Version  Running  CVE Identifier   CVSSv3  Severity   Fixed       Workarounds  Additional
                                  On                                           Version                  Documentation
VMware Aria Operations   8.12     Any      CVE-2023-20864,  N/A     N/A        Unaffected  None         KB91831
for Logs (Operations                       CVE-2023-20865
for Logs)
VMware Aria Operations   8.10.2   Any      CVE-2023-20864,  9.8,    critical   8.12        None         KB91831
for Logs (Operations                       CVE-2023-20865   7.2
for Logs)
VMware Aria Operations   8.10     Any      CVE-2023-20864   N/A     N/A        Unaffected  None         KB91831
for Logs (Operations
for Logs)
VMware Aria Operations   8.10     Any      CVE-2023-20865   7.2     important  8.12        None         KB91831
for Logs (Operations
for Logs)
VMware Aria Operations   8.8.x    Any      CVE-2023-20864   N/A     N/A        Unaffected  None         KB91831
for Logs (Operations
for Logs)
VMware Aria Operations   8.8.x    Any      CVE-2023-20865   7.2     important  8.12        None         KB91831
for Logs (Operations
for Logs)
VMware Aria Operations   8.6.x    Any      CVE-2023-20864   N/A     N/A        Unaffected  None         KB91831
for Logs (Operations
for Logs)
VMware Aria Operations   8.6.x    Any      CVE-2023-20865   7.2     important  8.12        None         KB91831
for Logs (Operations
for Logs)
VMware Cloud Foundation  4.x      Any      CVE-2023-20864,  9.8,    critical   KB91865     KB91865      KB91831
(VMware Aria Operations                    CVE-2023-20865   7.2
for Logs)

4. References

Fixed Version(s) and Release Notes:

VMware Aria Operations for Logs (Operations for Logs) 8.12 Release Notes

Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_logs/8_12
https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20865

FIRST CVSSv3 Calculator:
CVE-2023-20864: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-20865: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2023-04-20 VMSA-2023-0007
Initial security advisory.

6. Contact

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================