VMware has warned organizations that an exploit has been discovered for a critical vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs, a log analysis tool previously known as vRealize Log Insight. Just last month, VMware reported active exploitation of another security flaw in the software. The appearance of the exploit code has now increased the likelihood that CVE-2023-20864 will be abused.
As mentioned, VMware Aria Operations for Logs is a log analysis tool that provides centralized log management. It can be used both on on-premises systems and in a SaaS environment. Through a deserialization vulnerability, an attacker can take control of the system running the software and execute code with root privileges without needing login credentials.
According to VMware, CVE-2023-20864 is a critical vulnerability that requires immediate patching, as stated in their security bulletin from last April. The bulletin has now been updated to include information about the existence of exploit code. In addition, VMware previously reported active exploitation of another vulnerability in Aria Operations for Logs, referred to as CVE-2023-20887, which also enables the takeover of vulnerable systems.