VMware Aria Operations Local Privilege Escalation Vulnerability (CVE-2023-20877)

VMware has recently released VMSA-2023-0009 security alert dated May 12th, 2023 highlighting a severe local privilege escalation vulnerability found in its virtualization solution — VMware Aria Operations — tracked as CVE-­2023-­20877 — where ReadOnly privileged attackers can potentially escalate themselves into Root access level, by exploiting flaws present within user input handling processes. Once exploited successfully through submitting of customized API inputs, attacks can, as mentioned earlier, gain Root level access to the targeted system.

The company has released a patch for it and urges users of VMware Aria Operations to immediately apply the update since it presents a critical security flaw that essentially could lead to a complete compromise of your system.
It’s highly recommended for all users of this product to act quickly. The exploitation of this vulnerability could lead to the attacker having full control over your system, emphasizing the need for prompt patch implementation.

If the updated software is unavailable at this time, then another mitigation measure would be disabling the API altogether and monitoring unauthorized activity on your machine.
In addition to applying the patch and performing other measures aforementioned, ensure that your other software is kept up-to-date while also reviewing password policies with regular changing intervals enforced.

Protect your personal information by thinking twice before sharing and being extra cautious when it comes to emails with unknown sources or requests from impersonating phishing campaigns.
VMware Aria Operations is an application that specifically monitors and manages cloud-native solutions within VMware vSphere environments.

What is Aria Operations?

With both on-premises appliance-based options available and those built on Kubernetes platform as managed services, VMware Aria Operations is for managing and monitoring VMware vSphere environments.