VMware, a software company specializing in cloud computing, reported that its product ARIA Operations for Networks, formerly known as Vrealize Network Insight, has been targeted by cybercriminals through active attacks due to a critical vulnerability.
The vulnerability, identified as CVE-2023-20887, enables attackers with access to the network to execute remote code on a device by utilizing a Command Injection attack. This vulnerability affects the Aria Operations Networks of the sixth version, including 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10.
Approximately two weeks ago, the software company released fixes for each vulnerable version. Despite this, VMware has confirmed that the vulnerability has already been exploited by cybercriminals on June 20, with no details about the attackers known as of yet.
Greenoise, a cyber intelligence organization, reported that the attacks originated from two distinct IP addresses from the Netherlands. The attacks occurred shortly after Sina Heirh from Summoning Team discovered the vulnerability and released proof of concept (POC) on CVE-2023-20887.
It is noteworthy to mention the agility of hacker groups in utilizing newly discovered vulnerabilities. Organizations must remain vigilant and monitor cybersecurity news continuously. To avoid risks of malicious vulnerability, VMware recommends updating Aria Operations for Networks to the latest version as soon as possible.