CVE-2023-20879: 
VMware vRealize Operations Manager vulnerability analysis and mitigation

CVE-2023-20879 is a Local Privilege Escalation vulnerability affecting VMware Aria Operations (formerly vRealize Operations). The vulnerability was discovered and reported by thiscodecc of MoyunSec Vlab and Bing, with the initial CVE record being created on November 1, 2022, and publicly disclosed on May 12, 2023. The vulnerability affects VMware Aria Operations versions 8.6.x, 8.10.x, and VMware Cloud Foundation 4.x (VMware Advisory).

The vulnerability has been assigned a CVSSv3.1 base score of 6.7 (Moderate severity) with the vector string AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability requires local access and high privileges for exploitation, but can result in high impacts to confidentiality, integrity, and availability of the system (NVD).

If successfully exploited, this vulnerability allows a malicious actor with administrative privileges in the Aria Operations application to gain root access to the underlying operating system, potentially leading to complete system compromise (VMware Advisory).

VMware has released patches to address this vulnerability. For VMware Aria Operations 8.10.x, users should upgrade to version 8.10 Hot Fix 4, and for version 8.6.x, users should upgrade to 8.6 Hot Fix 10. VMware Cloud Foundation users running version 4.x should refer to KB92148 for remediation instructions. No workarounds are available for this vulnerability (VMware Advisory).