How to Fix CVE-2023-20864- A Critical Logs Deserialization Vulnerability in VMware Aria?

VMWare published an advisory on 20th Apr 2023 in which it disclosed two vulnerabilities in VMware Aria. The flaw tracked as CVE-2023-20864 is rated Critical with a CVSS score of 9.8, and another one which is tracked under the identifier CVE-2023-20865, is rated Medium or Important in severity with a CVSS score of 5.3 respectively. As per the report, attackers could abuse these vulnerabilities to carry out remote code execution as root. Considering the severity of the flaws, it is highly recommended that all the organizations should work on patching the flaws on their VMWare Aria immediately. We have created this post to help you know how to fix CVE-2023-20864, a critical Logs Deserialization Vulnerabilityin VMware Cloud Foundation.

A Short Introduction About VMware Aria

VMware Aria, formerly known as vRealize Log Insight is a multi-cloud management portfolio designed to manage the cost, performance, configuration, and delivery of infrastructure and applications for cloud-native environments. It is powered by VMware Aria Graph, a cloud-scale data store technology that captures and maps the complexity of multi-cloud environments in a single view. VMware Aria offers solutions for cloud governance, cloud migration, and business insights at scale. It is designed to address the emerging cross-cloud and cross-discipline management challenges faced by enterprises. With the launch of VMware Aria, VMware is unifying its cloud management offerings under a single family name, providing a set of end-to-end solutions for managing multi-cloud environments.

Key Features of VMware Aria:

Summary of CVE-2023-20864

This is a Logs Deserialization Vulnerability in VMware Aria (formerly vRealize Log Insight). This vulnerability is rated critical and assigned a CVSS score of 9.8 out of 10. It allows an unauthenticated, remote attacker to exploit these vulnerabilities and execute arbitrary code on vulnerable versions of  VMware Aria. 

Summary of CVE-2023-20865

This is a Command Injection Vulnerability in VMware Aria (formerly vRealize Log Insight). This vulnerability is rated medium or important and assigned a CVSS score of 7.2 out of 10. It allows an unauthenticated, remote attacker to exploit these vulnerabilities and execute arbitrary code on vulnerable versions of  VMware Aria. 

VMware Aria Versions Affected by The Vulnerabilities

As per the VMSA-2023-0007, the CVE-2023-20864 vulnerability affects only v8.10.2. and the CVE-2023-20865 vulnerability affects 8.6.x, 8.8.x, 8.10, and 8.10.2.

How to Fix CVE-2023-20864 And CVE-2023-20865?

VMWare has released patches  to fix the vulnerabilities. All the users are advised to upgrade there VMWare Aria to v8.12.

How to Upgrade VMWare Aria?

Upgrading VMware Aria Operations can sound like a tedious task, but following these best practices will help ensure a successful upgrade. This section will guide you through the recommended steps to take before, during, and after the upgrade to ensure your environment remains functional and your customized content remains intact.

Step 1. Run Pre-Upgrade Assessment Tool

Before starting the upgrade, it is recommended to run the appropriate versioned pre-upgrade assessment tool on your current VMware Aria Operations to view the possible impact of your custom content. This tool will help you plan appropriate maintenance efforts for adjusting impacted custom content.

See Using the Pre-Upgrade Assessment Tool for VMware Aria Operations 8.12 and VMware Aria Operations Upgrade Center for the latest information.

Step 2. Run the Health Checks and Verify Existing Functionality

Before starting an upgrade, run a general health check to ensure your environment is fully functional before starting the upgrade. Document any working (or non-working) features to verify their status after the upgrade is complete.

Step 3. Backup Customized Content

To prevent data loss during the upgrade, make sure to back up all customized content.

Step 4. Take Snapshots of VMs with Cluster

After verifying functionality and backing up customized content, create snapshots of all analytics VMs within the cluster. This serves as a failsafe in case of an upgrade failure.

Step 5. Confirm Management Packs Interoperability

Some management packs may not be compatible with the new product version, which could render them inoperable. Check the interoperability of your management packs with the updated version before upgrading.

See VMware Product Interoperability Matrix and VMware Compatibility Guide for supported management pack versions.

Step 6. Schedule Upgrade Timing Wisely

Perform the upgrade outside of the dynamic threshold, capacity calculations, costing, or backup processing periods. This helps avoid capturing high-stress states.

Step 7. Set Maintenance Window to Prevent False Alerts

Schedule a maintenance window during the upgrade or cluster resizing to avoid receiving false alerts and notifications.

Step 8. Review Validation Checks Recommendations

A pre-check upgrade validation script runs before the actual upgrade. Address any failures or warnings before proceeding with the upgrade to prevent potential issues.

Step 9. Reset Default Content Option

Select the option to reset default content and import new content. This will overwrite existing content with the updated version provided by the update. Make sure to clone or back up any modified content before proceeding.

Step 10. Upgrade the OS PAK Before the Virtual Appliance (VA) PAK

For VMware Aria Operations 7.5 and lower, upgrade the OS of the virtual appliance before upgrading VMware Aria Operations to ensure a stable base.

Step 11. Use the Correct VMware Aria Operations Upgrade PAK File

Starting with VMware Aria Operations 8.1, there are two PAK files available for upgrade. Choose the appropriate file for your specific upgrade scenario.

Step 12. Pre-Distribute PAK Files to Minimize Downtime

To shorten the upgrade process, pre-distribute the PAK files to all nodes before starting the upgrade.
See How to reduce VMware Aria Operations update time by pre-copying software update PAK files.

Step 13. Verify Functionality After Upgrading

After completing the upgrade, validate that the same functionality exists as before the upgrade began.

Step 14. Remove VM Snapshots Once Upgrade is Verified

Remove all VM snapshots after verifying the environment post-upgrade to prevent performance issues.

Step 15. Consider Cloud Proxies Upgrade Implications

Be mindful of potential latency and performance issues when upgrading cloud proxies, especially if they are located far from the VMware Aria Operations cluster. Ensure cloud proxies meet latency requirements of less than 200 ms. If not, remove high-latency cloud proxies from the cluster one by one following the outlined process.

Step 16. Cluster Best Practices

During the upgrade process, it is crucial to adhere to best practices concerning clusters. This will ensure a smooth and successful upgrade experience. Refer to this document for more details.

Since these flaws allow attackers to n unauthenticated, remote attackers to exploit these vulnerabilities and execute arbitrary code on vulnerable versions of  VMware Aria. It is highly recommended to fix the flaws. Fixing this vulnerability requires an upgrade to the latest version 8.12. We hope this post would help you know know how to fix CVE-2023-20864,  a critical Logs Deserialization Vulnerability VMware Cloud Foundation. Please share this post and help secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.