VMware Archives

VMware zero-day CVE-2023-20867 exploited

Cloud Security

Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

VMware flaw carries a CVSS severity-score of 9.8/10 and can be exploited to bypass login restrictions when authenticating on certain ports.

Ryan NaraineNovember 14, 2023

Cloud Security

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.

Ryan NaraineOctober 25, 2023

ICS/OT

Exploit Code Published for Critical-Severity VMware Security Defect

Exploit code and root-cause analysis released by SinSinology document the problem as a case where VMware “forgot to regenerate” SSH keys.

Ryan NaraineSeptember 1, 2023

Malware & Threats

VMware Patches Major Security Flaws in Network Monitoring Product

VWware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.

Ryan NaraineAugust 29, 2023

CISO Conversations

CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI

SecurityWeek talks to Field CISOs, Fawaz Rasheed (VMware Carbon Black) and Nabil Hannan (NetSPI), about this emerging role.

Kevin TownsendJuly 26, 2023

Application Security

Exploit Code Published for Remote Root Flaw in VMware Logging Software

VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.

Ryan NaraineJuly 10, 2023