VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection
when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a
remote unauthenticated attacker to execute arbitrary commands on the underlying operating system
as the root user. The RPC interface is protected by a reverse proxy which can be bypassed.
VMware has evaluated the severity of this issue to be in the Critical severity range with a
maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the
context of 'root' on the appliance.
VMWare 6.x version are vulnerable.
This module exploits the vulnerability to upload and execute payloads gaining root privileges.
Successfully tested against version 6.8.0.
- Sina Kheirkhah
- Anonymous with Trend Micro Zero Day Initiative