VMware, a provider of virtualization services, has notified its customers of the discovery of a proof-of-concept (PoC) exploit for a recently patched vulnerability in Aria Operations for Logs. This high severity vulnerability, identified as CVE-2023-34051 with a CVSS score of 8.1, involves an authentication bypass that could potentially lead to remote code execution. According to the security alert published by VMware on October 19, 2023, an unauthenticated malicious actor can inject files into the affected device’s operating system, leading to remote code execution. The vulnerability was originally reported by James Horseman of Horizon3.ai and the Randori Attack Team.
Horizon3.ai subsequently provided the PoC for this vulnerability, which prompted VMware to update its security alert. It’s worth noting that CVE-2023-34051 serves as a workaround for a group of critical vulnerabilities that VMware had already patched in January that could leave users vulnerable to remote code execution attacks. James Horseman emphasized the importance of “Defense in Depth” and explained that an official patch cannot always fully mitigate a vulnerability.
In a related development, Citrix has issued its security alert urging its customers to install updates for CVE-2023-4966, a critical vulnerability affecting NetScaler ADC and NetScaler Gateway. This vulnerability has a CVSS score of 9.4 and has been actively exploited.