CVE-2023-20890: Path Traversal
First published: Tue Aug 29 2023(Updated: )
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Aria Operations for Networks | >=6.2.0<6.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-20890?
CVE-2023-20890 refers to an arbitrary file write vulnerability in Aria Operations for Networks.
Who is affected by CVE-2023-20890?
Anyone using VMware Aria Operations for Networks version 6.2.0 to 6.11.0 is affected by this vulnerability.
What is the severity level of CVE-2023-20890?
CVE-2023-20890 has a severity level of 7.2 (high).
How does the vulnerability in CVE-2023-20890 work?
An authenticated malicious actor with administrative access to Aria Operations for Networks can write files to arbitrary locations, potentially leading to remote code execution.
Is there a fix for CVE-2023-20890?
Yes, VMware has released a security advisory (VMSA-2023-0018) that provides a fix for this vulnerability. It is recommended to update to a patched version of Aria Operations for Networks.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware aria operations for networks
- version/vmware aria operations for networks/6.2.0