Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities
Oct 25, 2023
Exploit / Vulnerability
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," VMware noted in an advisory on October 19, 2023. James Horseman from Horizon3.ai and the Randori Attack Team have been credited with discovering and reporting the flaw. Horizon3.ai has since made available a PoC for the vulnerability , prompting VMware to revise its advisory this week. It's worth noting that CVE-2023-34051 is a patch bypass for a set of critical flaws that were addressed by VMware earlier this January that could expose users to remote code execution attacks. &