VMWare Aria Operations For Networks Remote Command Execution

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A …

apache aria aria operations for networks command command injection injection input insight interface network networks operating system operations proxy reverse reverse proxy root rpc system vmware vrealize vulnerability vulnerable