VMWare vCenter Server and Aria Operations Critical Vulnerabilities
Date of Notice: 10/25/2023
Action Level - Critical
VMWare has released security updates for multiple versions of vCenter Server to fix a critical vulnerability. If impacted, this vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. Due to the critical nature of this vulnerability, VMWare recommends immediate investigation of servers running vCenter and Aria Operations and patching of impacted systems.
In addition, Important updates have been released addressing vulnerabilities in Aria Operations for Logs that could allow authentication bypass. If chained, this could ultimately allow an unauthenticated attacker to obtain control of a vulnerable system with local or network access, making this a high priority to patch as well.
- vCenter Server 8.0 - Versions before 8.0U2
- vCenter Server 7.0 - Versions before 7.0U3o
- vCenter Server 6.7 - Versions before 6.7U3
- vCenter Server 6.5 - Versions before 6.5U3
- VMWare Cloud Foundation 5.x and 4.x (vCenter) - See link to VMWare KB
- Aria Operations for Logs 8.x - Versions prior to 8.14
- VMWare Cloud Foundation 5.x and 4.x (Aria Operations) - See link to VMWare KB
An unauthenticated attacker with network or local access to the device running an affected version listed above.
As of this writing, there are no confirmed attack reports using these vulnerabilities, though they may be more likely as a result of the vulnerability disclosures.
Removing VMWare servers’ exposure to the Internet is highly recommended if not completely necessary, though this does not remove the possibility of exploit as an attacker may be able to exploit via access to the local network, whether legitimate or through another exploit.
Update vCenter and Aria Operations to a current supported version listed in the vendor documentation.
vCenter Vulnerability Security Advisory (VMSA-2023-0023)
Aria Operations for Logs Security Advisory (VMSA-2023-0021)