Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

VMware is aware of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability, tracked as CVE-2023-34051, in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). The […]

VMware Fusion Pwn2Own Berlin 2025

VMware is aware of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in VMware Aria Operations for Logs.

VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability, tracked as CVE-2023-34051, in VMware Aria Operations for Logs (formerly known as vRealize Log Insight).

The vulnerability CVE-2023-34051 (CVSS score 8.1) is an authentication bypass vulnerability in VMware Aria Operations for Logs.

“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.” reads the advisory published by the virtualization giant.

“Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published”.

The vulnerability was discovered by cybersecurity firm Horizon3, which published a technical analysis of the flaw.

Earlier this year, the security firm published technical information on VMSA-2023-0001, which impacted VMware Aria Operations for Logs (formerly VMware vRealize Log Insight). The researchers demonstrated how an attacker could exploit three distinct CVEs to achieve remote code execution. While investigating the issues, the researchers discovered that the solution provided by VMware was not able to completely address the flaws. The researchers promptly reported this new issue to VMware, and it has been addressed in VMSA-2023-0021.

The indicators of compromise for this vulnerability are the same released for the VMSA-2023-0001.

The cyber security firm also released a PoC exploit for this vulnerability.

“This POC abuses IP address spoofing and various Thrift RPC endpoints to achieve an arbitrary file write.” reads the advisory published by Horizon3. “The default configuration of this vulnerability writes a cron job to create a reverse shell. Be sure to change the payload file to suit your environment.” “For this attack to work, an attacker must have the same IP address as a master /worker node.” “For this attack to work, an attacker must have the same IP address as a master /worker node. See blog above for more details.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, VMware Aria Operations for Logs)