image credit: Unsplash

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

June 8, 2023

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution.

The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution.

Also patched by VMware is another deserialization vulnerability (CVE-2023-20888) that’s rated 9.1 out of a maximum of 10 on the CVSS scoring system.

“A malicious actor with network access to VMware Aria Operations for Networks and valid ‘member’ role credentials may be able to perform a deserialization attack resulting in remote code execution,” the company said in an advisory.

Read More on The Hacker News