¡¾Â©¶´Í¨¸æ¡¿VMware Aria Operations for Logs·´ÐòÁл¯Â©¶´£¨CVE-2023-20864£©

Ðû²¼Ê±¼ä 2023-07-11

Ò»¡¢Â©¶´¸ÅÊö

CVE   ID

CVE-2023-20864

·¢ÏÖʱ¼ä

2023-04-21

Àà    ÐÍ

·´ÐòÁл¯

µÈ    ¼¶

ÑÏÖØ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

¹¥»÷ÅÓ´ó¶È

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÈ»

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ

 

VMware Aria Operations for Logs£¨ÒÔÇ°³ÆΪ vRealize Log Insight£©ÊÇÒ»¿îÈÕÖ¾·ÖÎö¹¤¾ß £¬¿ÉÌṩ¸ß¶È¿ÉÀ©Õ¹µÄÒì¹¹ÈÕÖ¾¹ÜÀí¹¦Ð§ £¬¾ß±¸Ö±¹ÛÇҿɲÙ×÷µÄÒDZí°å¡¢¾«Ï¸µÄ·ÖÎö¹¦Ð§ºÍ¹ã·ºµÄµÚÈý·½À©Õ¹¹¦Ð§¡£

7ÔÂ11ÈÕ £¬¶«É­Æ½Ì¨VSRC¼à²âµ½VMware Aria Operations for Logs·´ÐòÁл¯Â©¶´£¨CVE-2023-20864 £¬CVSSv3ÆÀ·Ö9.8£©µÄ©¶´Ï¸½ÚºÍÀûÓôúÂëÔÚ»¥ÁªÍøÉϹûÈ»¡£

VMware Aria Operations for LogsÖдæÔÚ²»Äþ¾²µÄ·´ÐòÁл¯Â©¶´ £¬¸Ã©¶´Ô´ÓÚInternalClusterControllerÀàÖеĶà¸öÒªÁìÖжÔÓû§Êý¾ÝµÄÑéÖ¤²»Í× £¬Î´¾­Éí·ÝÑéÖ¤µÄÔ¶³ÌÍþвÕß¿ÉÒÔͨ¹ýÏòÄ¿±ê·þÎñÆ÷·¢ËͶñÒâÉè¼ÆµÄÇëÇóÀ´ÀûÓø鶴 £¬ÀÖ³ÉÀûÓÿÉÄܵ¼ÖÂÒÔ root Éí·ÝÔËÐÐÈÎÒâ´úÂë¡£

 

¶þ¡¢Ó°Ï췶Χ

VMware Aria Operations for Logs (Operations for Logs) 8.10.2 < 8.12

VMware Cloud Foundation£¨VMware Aria Operations for Logs£©4.x

 

Èý¡¢Äþ¾²´ëÊ©

3.1 Éý¼¶°æ±¾

Ä¿Ç°¸Ã©¶´ÒѾ­ÐÞ¸´ £¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½VMware Aria Operations for Logs (Operations for Logs) 8.12»ò¸ü¸ß°æ±¾ £¬VMware Cloud Foundation (VMware Aria Operations for Logs) 4.x¿É²Î¿¼KB91865¡£

ÏÂÔØÁ´½Ó£º

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

×¢£º±¾´Î¸üл¹ÐÞ¸´ÁËÁíÒ»¸öVMware Aria Operations LogsÃüÁî×¢È멶´ £¨CVE-2023-20865£© £¬ÔÚ VMware Aria Operations for Logs ÖÐÓµÓйÜÀíȨÏÞµÄÍþвÕß¿ÉÀûÓø鶴ÒÔroot Éí·ÝÖ´ÐÐÈÎÒâÃüÁî¡£

3.2 ÁÙʱ´ëÊ©

ÈôÒª¼ì²âÀûÓÃCVE-2023-20864µÄ¹¥»÷ £¬¼ì²âÉ豸Ðè¼à¿ØºÍ½âÎöTCP¶Ë¿Ú9000ºÍ9543ÉϵÄÁ÷Á¿ £¬¼ì²âÖ¸µ¼Ïê¼û²Î¿¼Á´½Ó¡£

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡ £¬¼õÉÙϵͳ©¶´ £¬ÌáÉý·þÎñÆ÷µÄÄþ¾²ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ £¬Ð޸ķÀ»ðǽ¼Æı £¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ £¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø £¬¼õÉÙ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶Äþ¾²²úÎï £¬ÌáÉýÆóÒµµÄÍøÂçÄþ¾²ÐÔÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí £¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò £¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂë¼Æı²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£

3.4 ²Î¿¼Á´½Ó

https://www.zerodayinitiative.com/blog/2023/6/29/cve-2023-20864-remote-code-execution-in-vmware-aria-operations-for-logs

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

https://www.bleepingcomputer.com/news/security/vmware-warns-of-exploit-available-for-critical-vrealize-rce-bug/

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-07-11

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ¶«É­Æ½Ì¨¼ò½é

¶«É­Æ½Ì¨½¨Á¢ÓÚ1996Äê £¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Äþ¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Äþ¾²²úÎï¡¢Äþ¾²·þÎñ½â¾ö·½°¸µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¶«É­Æ½Ì¨´óÏà £¬¹«Ë¾Ô±¹¤6000ÓàÈË £¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö £¬ÓµÓÐÁýÕÖÈ«¹úµÄÏúÊÛÌåϵ¡¢ÇþµÀÌåϵºÍ¼¼ÊõÖ§³ÖÌåϵ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´ £¬¶«É­Æ½Ì¨ÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´ÐµÄÄþ¾²²úÎïºÍ×î¼Ñʵ¼ù·þÎñ £¬×ÊÖú¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄÄþ¾²ÐÔºÍÉú²úЧÄÜ £¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Äþ¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Å¬Á¦¡£

5.2 ¹ØÓÚ¶«É­Æ½Ì¨

¶«É­Æ½Ì¨Äþ¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸ö©¶´Í¨¸æºÍ·çÏÕÔ¤¾¯ £¬ÎÒÃǽ«Á¬Ðø¸ú×ÙÈ«Çò×îеÄÍøÂçÄþ¾²Ê¼þºÍ©¶´ £¬ÎªÆóÒµµÄÐÅÏ¢Äþ¾²±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png