¡¾Â©¶´Í¨¸æ¡¿VMware Aria Operations for Logs·´ÐòÁл¯Â©¶´£¨CVE-2023-20864£©

Ðû²¼Ê±¼ä 2023-07-11

Ò»¡¢Â©¶´¸ÅÊö

CVE   ID

CVE-2023-20864

·¢ÏÖʱ¼ä

2023-04-21

Àà    ÐÍ

·´ÐòÁл¯

µÈ    ¼¶

ÑÏÖØ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

¹¥»÷ÅÓ´ó¶È

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÈ»

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ

 

VMware Aria Operations for Logs£¨ÒÔÇ°³ÆΪ vRealize Log Insight£©ÊÇÒ»¿îÈÕÖ¾·ÖÎö¹¤¾ß£¬¿ÉÌṩ¸ß¶È¿ÉÀ©Õ¹µÄÒì¹¹ÈÕÖ¾¹ÜÀí¹¦Ð§£¬¾ß±¸Ö±¹ÛÇҿɲÙ×÷µÄÒDZí°å¡¢¾«Ï¸µÄ·ÖÎö¹¦Ð§ºÍ¹ã·ºµÄµÚÈý·½À©Õ¹¹¦Ð§¡£

7ÔÂ11ÈÕ£¬¶¶È¦Îª¶Ä¶øÉúVSRC¼à²âµ½VMware Aria Operations for Logs·´ÐòÁл¯Â©¶´£¨CVE-2023-20864£¬CVSSv3ÆÀ·Ö9.8£©µÄ©¶´Ï¸½ÚºÍÀûÓôúÂëÔÚ»¥ÁªÍøÉϹûÈ»¡£

VMware Aria Operations for LogsÖдæÔÚ²»Äþ¾²µÄ·´ÐòÁл¯Â©¶´£¬¸Ã©¶´Ô´ÓÚInternalClusterControllerÀàÖеĶà¸öÒªÁìÖжÔÓû§Êý¾ÝµÄÑéÖ¤²»Í×£¬Î´¾­Éí·ÝÑéÖ¤µÄÔ¶³ÌÍþвÕß¿ÉÒÔͨ¹ýÏòÄ¿±ê·þÎñÆ÷·¢ËͶñÒâÉè¼ÆµÄÇëÇóÀ´ÀûÓø鶴£¬ÀÖ³ÉÀûÓÿÉÄܵ¼ÖÂÒÔ root Éí·ÝÔËÐÐÈÎÒâ´úÂë¡£

 

¶þ¡¢Ó°Ï췶Χ

VMware Aria Operations for Logs (Operations for Logs) 8.10.2 < 8.12

VMware Cloud Foundation£¨VMware Aria Operations for Logs£©4.x

 

Èý¡¢Äþ¾²´ëÊ©

3.1 Éý¼¶°æ±¾

Ä¿Ç°¸Ã©¶´ÒѾ­ÐÞ¸´£¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½VMware Aria Operations for Logs (Operations for Logs) 8.12»ò¸ü¸ß°æ±¾£¬VMware Cloud Foundation (VMware Aria Operations for Logs) 4.x¿É²Î¿¼KB91865¡£

ÏÂÔØÁ´½Ó£º

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

×¢£º±¾´Î¸üл¹ÐÞ¸´ÁËÁíÒ»¸öVMware Aria Operations LogsÃüÁî×¢È멶´ £¨CVE-2023-20865£©£¬ÔÚ VMware Aria Operations for Logs ÖÐÓµÓйÜÀíȨÏÞµÄÍþвÕß¿ÉÀûÓø鶴ÒÔroot Éí·ÝÖ´ÐÐÈÎÒâÃüÁî¡£

3.2 ÁÙʱ´ëÊ©

ÈôÒª¼ì²âÀûÓÃCVE-2023-20864µÄ¹¥»÷£¬¼ì²âÉ豸Ðè¼à¿ØºÍ½âÎöTCP¶Ë¿Ú9000ºÍ9543ÉϵÄÁ÷Á¿£¬¼ì²âÖ¸µ¼Ïê¼û²Î¿¼Á´½Ó¡£

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬¼õÉÙϵͳ©¶´£¬ÌáÉý·þÎñÆ÷µÄÄþ¾²ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ£¬Ð޸ķÀ»ðǽ¼Æı£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ£¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬¼õÉÙ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶Äþ¾²²úÎÌáÉýÆóÒµµÄÍøÂçÄþ¾²ÐÔÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂë¼Æı²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£

3.4 ²Î¿¼Á´½Ó

https://www.zerodayinitiative.com/blog/2023/6/29/cve-2023-20864-remote-code-execution-in-vmware-aria-operations-for-logs

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

https://www.bleepingcomputer.com/news/security/vmware-warns-of-exploit-available-for-critical-vrealize-rce-bug/

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-07-11

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ¶¶È¦Îª¶Ä¶øÉú¼ò½é

¶¶È¦Îª¶Ä¶øÉú½¨Á¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Äþ¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Äþ¾²²úÎï¡¢Äþ¾²·þÎñ½â¾ö·½°¸µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¶¶È¦Îª¶Ä¶øÉú´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬ÓµÓÐÁýÕÖÈ«¹úµÄÏúÊÛÌåϵ¡¢ÇþµÀÌåϵºÍ¼¼ÊõÖ§³ÖÌåϵ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬¶¶È¦Îª¶Ä¶øÉúÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´ÐµÄÄþ¾²²úÎïºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄÄþ¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Äþ¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Å¬Á¦¡£

5.2 ¹ØÓÚ¶¶È¦Îª¶Ä¶øÉú

¶¶È¦Îª¶Ä¶øÉúÄþ¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸ö©¶´Í¨¸æºÍ·çÏÕÔ¤¾¯£¬ÎÒÃǽ«Á¬Ðø¸ú×ÙÈ«Çò×îеÄÍøÂçÄþ¾²Ê¼þºÍ©¶´£¬ÎªÆóÒµµÄÐÅÏ¢Äþ¾²±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png