Exploit Code Published for Remote Root Flaw in VMware Logging Software


In an update to a critical-level advisory originally released in April this year, VMware said it has confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.

The vulnerability, which carries a CVSS severity score of 9.8 out of 10, allows an unauthenticated, malicious actor with network access to VMware Aria Operations to execute arbitrary code as root, VMware said in its documentation of the CVE-2023-20864 flaw.

VMware Aria Operations for Logs, (formerly vRealize Log Insight), is a centralized log management tool that promises operational visibility and analytics for troubleshooting and auditing data flowing through private, hybrid and multi-cloud environments.