VMware has updated its security advisory on a critical vulnerability in its Aria Operations monitoring software. According to this, it is under attack. In the monitoring software VMware Aria Operations for Networks - formerly known as VMware vRealize Operations - the manufacturer has closed partly critical vulnerabilities with software updates about two weeks ago. Cybercriminals are now actively attacking one of them in the wild, VMware warns.


  • CVE-2023-20887 - CVSS 9.8 (risk: “critical”)

One of the two critical vulnerabilities that the updated software seals allows attackers from the network to inject commands to execute arbitrary malicious code on affected devices (CVE-2023-20887, CVSS 9.8, risk “critical”). The security advisory has now been updated by VMware’s developers with a note that they can confirm the exploitation of this vulnerability in the wild, after exploit code for it was released a week ago.

VMware Aria: Install Update

Updates are available for VMware Aria Operations for Networks 6.x HF. The associated VMware knowledgebase entry talks about patches for vRNI 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9 and 6.10. The abbreviation stands for the old product name vRealize Network Insight.

Separate patches are available for each vRNI version, following the naming scheme VMware-vRNI.<version number>.<patch level>.<build number>.patch.bundle. IT managers should download and apply the ready updates as soon as possible. VMware has linked the approximately 780 to 1240 MB software patches in the knowledgebase entry.

Without updating, administrators run the risk of falling victim to a cyber attack. In February of this year, thousands of attacks occurred worldwide against a VMware vulnerability. The cybercriminals placed ransomware on vulnerable systems and effectively locked out the owners. An update to close the gap had already been available since 2021.


Contact & Information

Do you have suggestions for improvement or would you like to have an article translated / created? Please contact me!