Blog

VMware Patches Critical vRealize Vulnerability

VMware has issued a security advisory (VMSA-2023-0007) addressing vulnerabilities affecting VMware Aria Operations for Logs, formally known as vRealize Log Insight. Here’s what you need to know.

What is the situation?

VMware has issued a security advisory (VMSA-2023-0007) addressing vulnerabilities affecting VMware Aria Operations for Logs, formally known as vRealize Log Insight. The cloud-based log management tool is used to add structure to log data and increase visibility across all cloud environments. It offers dashboards and uses machine learning for quicker troubleshooting.

The two vulnerabilities are tracked as CVE-2023-20864 and CVE-2023-20865. VMware states that CVE-2023-20864 is critically rated with a CVSSv3 scoring of 9.8 out of 10. VMware notes that only version 8.10.2 is impacted by this critical vulnerability. This vulnerability allows an unauthenticated, malicious actor with network access to VMware Aria Operations to execute arbitrary code as “root.”

Other versions of VMware Aria Operations for Logs are impacted by the lower CVE-2023-20865, rated as a 7.2 out of 10 (High).

As of writing, there is no evidence of exploitation in the wild prior to the release of patches. VMware recommends customers applying the fixed version 8.12 as soon as possible to mitigate against these vulnerabilities.

What is Nuspire doing?

Nuspire is not affected by these vulnerabilities.

What should I do?

Organizations should review VMware’s security advisory VMSA-2023-0007 and follow the recommendations provided.

If your organization is using VMware Aria Operations version 8.10.2, you are affected by the critical vulnerability (CVE-2023-20864) and should prioritize patching as soon as possible.

Other versions are still affected by the high-level vulnerability (CVE-2023-20865) and should be patched when possible.

Both CVEs are mitigated and patched by updating to version 8.12.

It’s important to note that this vulnerability is separate the vRealize vulnerability published in our Jan. 25, 2023 threat brief.

Have you registered for our next event?