Attackers Exploit VMware’s Aria Operations for Logs Vulnerability

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

A critical authentication bypass vulnerability (CVE-2023-34051) in VMware Aria Operations for Logs allows remote code execution with root privileges under certain conditions, raising concerns for compromised networks. The security patch attempted to address the issue by blocking Thrift ports but left other vulnerabilities unpatched, which attackers can bypass by spoofing their IP address.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.