IRONSMITHINTEL
CRITICAL | CVSS 9.8 | Actively Exploited | CISA KEV | CVE-2023-20887 | Auth: none (unauthenticated) | Reboot: required | Manual only

VMware Aria Operations for Networks Command Injection Vulnerability (CVE-2023-20887)

VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.

Published Jun 7, 2023 · Updated May 29, 2026

Why patch: Risk explained in plain English

Worst-case scenario: If unpatched

A remote attacker, without authentication, can cause full loss of data confidentiality, arbitrary modification of data, and complete denial of service or system unavailability. Federal agencies are required to remediate by 2023-07-13 under CISA BOD 22-01.

How the attack works: No clicks needed

This is a Command Injection (CWE-77) vulnerability in VMware Aria Operations for Networks. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. Exploitation requires remote network access and has low attack complexity; no authentication and no user interaction are required.


Am I affected? Quick check

Probably yes if any of these apply:

Virtualisation Administrators
Infrastructure Team
IT Security
Running Aria Operations for Networks: 6.2.0 ≤ v ≤ 6.10.0

Real-world incidents: What we've seen

Active exploitation documented in the wild. Threat-research write-up: http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html

How to patch

Get the fix

Apply the fixed package from your vendor. The advisory lists affected versions and the exact fixed build.

VMware advisory

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

    Vendor advisory: https://www.vmware.com/security/advisories/VMSA-2023-0012.html
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-20887
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20887

PowerShell automation: Coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
