Connect with us

Hi, what are you looking for?


Application Security

Exploit Code Published for Remote Root Flaw in VMware Logging Software

VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.

Virtualization technology giant VMware on Monday warned that exploit code has been publicly released for a pre-authentication remote code execution flaw in its enterprise-facing VMware Aria Operations for Logs product.

In an update to a critical-level advisory originally released in April this year, VMware said it has confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.

The vulnerability, which carries a CVSS severity score of 9.8 out of 10, allows an unauthenticated, malicious actor with network access to VMware Aria Operations to execute arbitrary code as root, VMware said in its documentation of the CVE-2023-20864 flaw.

VMware Aria Operations for Logs, (formerly vRealize Log Insight), is a centralized log management tool that promises operational visibility and analytics for troubleshooting and auditing data flowing through private, hybrid and multi-cloud environments.

VMware’s security troubles with the vRealize Logging product line are well known. The company has patched several high-severity issues in the past and confirmed the release of exploit code targeting known software bugs.

The VMWare vRealize product has also been featured in the CISA KEV (Known Exploited Vulnerabilities) must-patch catalog.

Related: VMware Patches Pre-Auth Code Execution Flaw

Advertisement. Scroll to continue reading.

Related: VMware Fixes VM Escape Flaw Exploited at Geekpwn

Related: VMware Confirms Exploit Code for Critical vRealize Flaws

Related: VMware Plugs High-Severity Bugs in vRealize Operations

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.