2023年6月27日

經銷商新聞關鍵缺陷在VMware詠歎調操作網絡看到大規模開發Akamai報告近700000與27000客戶的掃描攻擊漏洞。科學家警告說,一個漏洞修補本月在VMware詠歎調操作網絡,原名vRealize網絡洞察力,現在看到集體剝削。遠程代碼執行漏洞允許通過命令注入和評級的關鍵的嚴重性。Akamai的“新數據顯示積極掃描網站的規模容易cve - 2023 - 20887遠遠大於最初報道,“Akamai告訴研究人員通過電子郵件方案。“695072襲擊在508年迄今為止唯一的IP地址。Akamai也觀察了超過27000名客戶的網站被掃描。”Not the only VMware Aria Operations flaw VMware released patches for the CVE-2023-20887 vulnerability on June 7, along with fixes for two other flaws in Aria Operations for Networks, one of which is also critical and can lead to remote code execution. While CVE-2023-20887 is a command injection flaw, the second vulnerability, tracked as CVE-2023-20888 , is a deserialisation issue. In programming languages, serialisation is the process of transforming data into a byte stream for transmission to another application and deserialisation is the reverse of that process. Because deserialisation routines involve the parsing and interpretation of user-controlled data, they have been the source of many vulnerabilities. Attackers can exploit both CVE-2023-20887 and CVE-2023-20888 if they have network access to the vulnerable application, but the latter also requires the attacker to have “member” role credentials to perform the attack, which makes it less practical to expose. The third vulnerability, CVE-2023-20889 , is a command injection vulnerability that can lead to sensitive information disclosure and is rated 8.8 (High) on the CVSS severity scale. VMware advises customers to deploy the patches available for their respective version as soon as possible. The company has updated its advisory on June 13 to warn that exploit code for CVE-2023-20887 was released and again on June 20 to warn that active exploitation has occurred in the wild. According to Akamai and telemetry from attack monitoring service GreyNoise, since then the number of attacks have increased. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-20887 to its catalog of Actively Exploited Vulnerabilities along with the iOS vulnerabilities exploited in Operation Triangulation and a command injection flaw in network-attached storage devices from Zyxel. An authentication bypass flaw in VMware Tools ( CVE-2023-20867 ) was also added to the catalog after being exploited as a zero-day by a Chinese cyberespionage actor to execute commands inside guest virtual machines from a compromised host. VMware patches multiple vCenter flaws Last week, VMware also released fixes for five vulnerabilities in its vCenter Server product that allows administrators to manage virtual infrastructure: CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, and CVE-2023-20896. The first four flaws can lead to arbitrary code execution, memory corruption and authentication bypass and are rated with 8.1 (High) severity on the CVSS scale. Exploitation of the last flaw can result in a denial-of-service condition and is rated with a 5.9 severity score. Even though there are no reports that these vulnerabilities have been exploited in the wild yet, attackers have been targeting flaws in VMware products. VMware users should deploy the available patches as soon as possible.