CVE-2023-20887
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
07/06/2023
Last modified:
28/10/2025
Description
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:* | 6.2.0 (including) | 6.10.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html
- http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2023-0012.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20887