CVE-2023-20888

HIGH NUCLEI

Vmware Vrealize Network Insight < 6.10.0 - Insecure Deserialization

Title source: rule

Description

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

Nuclei Templates (1)

VMware Aria Operations for Networks - Remote Code Execution
HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch
Shodan: title:"VMware Aria Operations" || http.title:"vmware vrealize network insight" || http.title:"vmware aria operations"
FOFA: title="vmware vrealize network insight" || title="vmware aria operations"

References (1)

Scores

CVSS v3 8.8
EPSS 0.8901
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

vmware/vrealize_network_insight < 6.10.0

Timeline

Published Jun 07, 2023
Tracked Since Feb 18, 2026