Support Content Notification - Support Portal

VMSA-2023-0021:VMware Aria Operations for Logs updates address multiple vulnerabilities.

Product/Component

VCF Operations/Automation (formerly VMware Aria Suite)

1 more products

Notification Id

23666

Last Updated

21 October 2023

Initial Publication Date

17 October 2023

Status

CLOSED

Severity

HIGH

CVSS Base Score

8.1

WorkAround

Affected CVE

CVE-2023-34051,CVE-2023-34052

Advisory ID: VMSA-2023-0021

CVSSv3 Range: 8.1

Issue Date:2023-10-19

Updated On: 2023-10-23

CVE(s): CVE-2023-34051, CVE-2023-34052

Synopsis: VMware Aria Operations for Logs updates address multiple vulnerabilities. (CVE-2023-34051, CVE-2023-34052)

1. Impacted Products

Aria Operations for Logs

2. Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3a. Authentication Bypass Vulnerability (CVE-2023-34051)

Description

VMware Aria Operations for Logs contains an authentication bypass vulnerability VMware has evaluated the severity of this issue to be in the Important Severity Range with a maximum CVSSv3 base score of 8.1.

Known Attack Vectors

An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Resolution

To remediate CVE-2023-34051 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank James Horseman from Horizon3.ai and Randori Attack Team (https://twitter.com/RandoriAttack) for reporting this issue to us.

3b. Deserialization Vulnerability (CVE-2023-34052)

Description

VMware Aria Operations for Logs contains a deserialization vulnerability. VMware has evaluated the severity of this issue to be in the Important Severity Range with a maximum CVSSv3 base score of 8.1.

Known Attack Vectors

A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.

Resolution

To remediate CVE-2023-34052 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank IuHrm of Cyber KunLun for reporting this issue to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Aria Operations for Logs	8.14	Any	CVE-2023-34051, CVE-2023-34052	N/A	N/A	Unaffected	N/A	N/A
VMware Aria Operations for Logs	8.12	Any	CVE-2023-34051	8.1	important	8.14	N/A	N/A
VMware Aria Operations for Logs	8.12	Any	CVE-2023-34052	8.1	important	8.14	N/A	N/A
VMware Aria Operations for Logs	8.10.2	Any	CVE-2023-34051	8.1	important	8.14	N/A	N/A
VMware Aria Operations for Logs	8.10.2	Any	CVE-2023-34052	8.1	important	8.14	N/A	N/A
VMware Aria Operations for Logs	8.10	Any	CVE-2023-34051	8.1	important	8.14	N/A	N/A
VMware Aria Operations for Logs	8.10	Any	CVE-2023-34052	N/A	N/A	Unaffacted	N/A	N/A
VMware Aria Operations for Logs	8.8.x	Any	CVE-2023-34051	8.1	important	8.14	N/A	N/A
VMware Aria Operations for Logs	8.8.x	Any	CVE-2023-34052	N/A	N/A	Unaffected	N/A	N/A
VMware Aria Operations for Logs	8.6.x	Any	CVE-2023-34051	8.1	important	8.14	N/A	N/A
VMware Aria Operations for Logs	8.6.x	Any	CVE-2023-34052	N/A	N/A	Unaffected	N/A	N/A
VMware Cloud Foundation (VMware Aria Operations for Logs)	5.x, 4.x	Any	CVE-2023-34051, CVE-2023-34052	8.1	important	KB95212	N/A	N/A