October 24, 2023 By Sergiu Gatlan
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).
"Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," the company said in an update to the original advisory.
Tracked as CVE-2023-34051, it allows unauthenticated attackers to execute code remotely with root permissions if certain conditions are met.
Successful exploitation hinges on the attacker compromising a host within the targeted environment and possessing permissions to add an extra interface or static IP address, according to Horizon3 security researchers who discovered the bug.
