CVE-2023-20889

HIGH NUCLEI

Vmware Vrealize Network Insight < 6.10.0 - Command Injection

Title source: rule

Description

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

Nuclei Templates (1)

VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: title:"VMware Aria Operations" || http.title:"vmware vrealize network insight" || http.title:"vmware aria operations"

FOFA: title="vmware vrealize network insight" || title="vmware aria operations"

References (1)

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2023-0012.html

Scores

CVSS v3 7.5

EPSS 0.9023

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-77

Status published

Products (1)

vmware/vrealize_network_insight 6.2.0 - 6.10.0

Published Jun 07, 2023

Tracked Since Feb 18, 2026