How to Fix CVE-2023-20864- A Critical Logs Deserialization Vulnerability in VMware Aria

VMware published an advisory on 20th Apr 2023 disclosing two vulnerabilities in VMware Aria. The flaw tracked as CVE-2023-20864 is rated Critical with a CVSS score of 9.8, and the other, tracked as CVE-2023-20865, is rated Medium or Important in severity with a CVSS score of 5.3. As per the report, attackers could abuse these vulnerabilities to carry out remote code execution as root. Considering the severity of the flaws, it is highly recommended that all organizations patch their VMware Aria deployments immediately. We have created this post to help you know how to fix CVE-2023-20864, a critical Logs Deserialization Vulnerability in VMware Cloud Foundation.

A Short Introduction About VMware Aria

VMware Aria, formerly known as vRealize Log Insight is a multi-cloud management portfolio designed to manage the cost, performance, configuration, and delivery of infrastructure and applications for cloud-native environments. It is powered by VMware Aria Graph, a cloud-scale data store technology that captures and maps the complexity of multi-cloud environments in a single view. VMware Aria offers solutions for cloud governance, cloud migration, and business insights at scale. It is designed to address the emerging cross-cloud and cross-discipline management challenges faced by enterprises. With the launch of VMware Aria, VMware is unifying its cloud management offerings under a single family name, providing a set of end-to-end solutions for managing multi-cloud environments.

Key Features of VMware Aria:

  • Cloud management portfolio that unifies applications, infrastructure, and services across private, hybrid, and public clouds from a single platform with a common data model.
  • Provides true multi-cloud management with near real-time visibility.
  • Offers intelligent cloud delivery solution.
  • Helps to streamline IT operations and delivers faster time to market.
  • Provides a single management console to manage virtual and physical infrastructure.
  • Enables customers to optimize resource utilization and reduce costs.
  • Offers a range of management and automation tools to simplify governance and compliance.

Summary of CVE-2023-20864

This is a Logs Deserialization Vulnerability in VMware Aria (formerly vRealize Log Insight). It is rated Critical and assigned a CVSS score of 9.8 out of 10. It allows an unauthenticated, remote attacker to execute arbitrary code on vulnerable versions of VMware Aria.

Associated CVE ID: CVE-2023-20864
Description: A Critical Logs Deserialization Vulnerability in VMware Aria
Associated ZDI ID:
CVSS Score: 9.8 Critical
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score:
Exploitability Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Summary of CVE-2023-20865

This is a Command Injection Vulnerability in VMware Aria (formerly vRealize Log Insight). It is rated Medium or Important and assigned a CVSS score of 7.2 out of 10. It allows an unauthenticated, remote attacker to execute arbitrary code on vulnerable versions of VMware Aria.

Associated CVE ID: CVE-2023-20865
Description: A Command Injection Vulnerability in VMware Aria
Associated ZDI ID:
CVSS Score: 7.2 Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Impact Score:
Exploitability Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

VMware Aria Versions Affected by The Vulnerabilities

As per VMSA-2023-0007, CVE-2023-20864 affects only v8.10.2, and CVE-2023-20865 affects 8.6.x, 8.8.x, 8.10, and 8.10.2.

Vulnerability CVE ID: Affected Versions
CVE-2023-20864: 8.10.2
CVE-2023-20865: 8.6.x, 8.8.x, 8.10, and 8.10.2

How to Fix CVE-2023-20864 And CVE-2023-20865?

VMware has released patches to fix the vulnerabilities. All users are advised to upgrade their VMware Aria to v8.12.

How to Upgrade VMWare Aria?

Upgrading VMware Aria Operations can sound like a tedious task, but following these best practices will help ensure a successful upgrade. This section will guide you through the recommended steps to take before, during, and after the upgrade to ensure your environment remains functional and your customized content remains intact.

Time needed: 30 minutes

  1. Run Pre-Upgrade Assessment Tool

    Before starting the upgrade, it is recommended to run the appropriate versioned pre-upgrade assessment tool on your current VMware Aria Operations to view the possible impact of your custom content. This tool will help you plan appropriate maintenance efforts for adjusting impacted custom content.


    See Using the Pre-Upgrade Assessment Tool for VMware Aria Operations 8.12 and VMware Aria Operations Upgrade Center for the latest information.

  2. Run the Health Checks and Verify Existing Functionality

    Before starting an upgrade, run a general health check to ensure your environment is fully functional before starting the upgrade. Document any working (or non-working) features to verify their status after the upgrade is complete.

  3. Backup Customized Content

    To prevent data loss during the upgrade, make sure to back up all customized content.

  4. Take Snapshots of VMs with Cluster

    After verifying functionality and backing up customized content, create snapshots of all analytics VMs within the cluster. This serves as a failsafe in case of an upgrade failure.

  5. Confirm Management Packs Interoperability

    Some management packs may not be compatible with the new product version, which could render them inoperable. Check the interoperability of your management packs with the updated version before upgrading.


    See VMware Product Interoperability Matrix and VMware Compatibility Guide for supported management pack versions.

  6. Schedule Upgrade Timing Wisely

    Perform the upgrade outside of the dynamic threshold, capacity calculations, costing, or backup processing periods. This helps avoid capturing high-stress states.

  7. Set Maintenance Window to Prevent False Alerts

    Schedule a maintenance window during the upgrade or cluster resizing to avoid receiving false alerts and notifications.

  8. Review Validation Checks Recommendations

    A pre-check upgrade validation script runs before the actual upgrade. Address any failures or warnings before proceeding with the upgrade to prevent potential issues.

  9. Reset Default Content Option

    Select the option to reset default content and import new content. This will overwrite existing content with the updated version provided by the update. Make sure to clone or back up any modified content before proceeding.

  10. Upgrade the OS PAK Before the Virtual Appliance (VA) PAK

    For VMware Aria Operations 7.5 and lower, upgrade the OS of the virtual appliance before upgrading VMware Aria Operations to ensure a stable base.

  11. Use the Correct VMware Aria Operations Upgrade PAK File

    Starting with VMware Aria Operations 8.1, there are two PAK files available for upgrade. Choose the appropriate file for your specific upgrade scenario.

  12. Pre-Distribute PAK Files to Minimize Downtime

    To shorten the upgrade process, pre-distribute the PAK files to all nodes before starting the upgrade.

    See How to reduce VMware Aria Operations update time by pre-copying software update PAK files.

  13. Verify Functionality After Upgrading

    After completing the upgrade, validate that the same functionality exists as before the upgrade began.

  14. Remove VM Snapshots Once Upgrade is Verified

    Remove all VM snapshots after verifying the environment post-upgrade to prevent performance issues.

  15. Consider Cloud Proxies Upgrade Implications

    Be mindful of potential latency and performance issues when upgrading cloud proxies, especially if they are located far from the VMware Aria Operations cluster. Ensure cloud proxies meet latency requirements of less than 200 ms. If not, remove high-latency cloud proxies from the cluster one by one following the outlined process.

  16. Cluster Best Practices

    During the upgrade process, it is crucial to adhere to best practices concerning clusters. This will ensure a smooth and successful upgrade experience. Refer to this document for more details.


Since these flaws allow unauthenticated, remote attackers to execute arbitrary code on vulnerable versions of VMware Aria, it is highly recommended to fix them. Fixing this vulnerability requires an upgrade to the latest version, 8.12. We hope this post has helped you understand how to fix CVE-2023-20864, a critical Logs Deserialization Vulnerability in VMware Cloud Foundation.


Frequently Asked Questions:

1. What is VMware Aria, and what are its key features?

VMware Aria, formerly known as vRealize Log Insight, is a multi-cloud management portfolio designed to manage cost, performance, configuration, and delivery of infrastructure and applications for cloud-native environments. It offers solutions for cloud governance, cloud migration, and business insights at scale. Key features include unifying applications and infrastructure across private, hybrid, and public clouds, providing near real-time visibility, streamlining IT operations, and delivering faster time to market.

2. What is CVE-2023-20864, and how does it impact VMware Aria?

CVE-2023-20864 is a critical Logs Deserialization Vulnerability in VMware Aria, with a CVSS score of 9.8. This vulnerability allows an unauthenticated, remote attacker to exploit and execute arbitrary code on vulnerable versions of VMware Aria.

3. What is CVE-2023-20865, and how does it impact VMware Aria?

CVE-2023-20865 is a Command Injection Vulnerability in VMware Aria, with a CVSS score of 7.2. This vulnerability allows an unauthenticated, remote attacker to exploit and execute arbitrary code on vulnerable versions of VMware Aria.
4. Which VMware Aria versions are affected by these vulnerabilities?

CVE-2023-20864 affects VMware Aria version 8.10.2, while CVE-2023-20865 affects versions 8.6.x, 8.8.x, 8.10, and 8.10.2.

5. How can I fix CVE-2023-20864 and CVE-2023-20865?

To fix these vulnerabilities, VMWare has released patches, and users are advised to upgrade their VMware Aria to version 8.12.

6. What are the recommended steps to upgrade VMware Aria?

To upgrade VMware Aria, follow these steps: run the pre-upgrade assessment tool, perform health checks, backup customized content, take snapshots of VMs, confirm management packs interoperability, schedule upgrade timing wisely, set a maintenance window, review validation checks recommendations, reset default content option, upgrade the OS PAK before the VA PAK, use the correct VMware Aria Operations upgrade PAK file, pre-distribute PAK files, verify functionality after upgrading, remove VM snapshots, consider cloud proxies upgrade implications, and follow cluster best practices.

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.
