.. / CVE-2023-20887

Exploit for VMware VRealize Network Insight - Unauthenticated Remote Code Execution (CVE-2023-20887)

Description:

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of ‘root’ on the appliance. VMWare 6.x version are vulnerable.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2023-20887.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-20887.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-20887
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
https://github.com/sinsinology/CVE-2023-20887
http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html