¡¾·ì϶¹«¸æ¡¿VMware Aria Operations for LogsÉí·ÝÑéÖ¤Èƹý·ì϶£¨CVE-2023-34051£©

°ä²¼¹¦·ò 2023-10-25
 

Ò»¡¢·ì϶¸ÅÊö

CVE   ID

CVE-2023-34051

·¢ÏÖ¹¦·ò

2023-10-23

Àà    ÐÍ

Éí·ÝÑéÖ¤Èƹý

µÈ    ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

¹¥»÷¸´ÔÓ¶È

¸ß

Óû§½»»¥

ÎÞ

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ֪

 

VMware Aria Operations for Logs£¨ÒÔÇ°³ÆΪ vRealize Log Insight£©ÊÇÒ»¿îÈÕÖ¾·ÖÎö¹¤¾ß£¬¿ÉÌṩ¸ß¶È¿ÉÀ©´óµÄÒì¹¹ÈÕÖ¾ÖÎÀíÖ°ÄÜ£¬¾ß±¸Ö±¹ÛÇҿɲÙ×÷µÄÒDZí°å¡¢¾«ÃܵķÖÎöÖ°ÄÜºÍ¿í·ºµÄµÚÈý·½À©´óÖ°ÄÜ¡£

10ÔÂ23ÈÕ£¬GA»Æ½ð¼×VSRC¼à²âµ½VMware½¨¸´ÁËVMware Aria Operations for Logs ÖеÄÒ»¸öÉí·ÝÑéÖ¤Èƹý·ì϶£¨CVE-2023-34051£©£¬CVSSv3ÆÀ·ÖΪ8.1£¬Ä¿Ç°¸Ã·ì϶µÄϸ½ÚÒÑÔÚ»¥ÁªÍøÉϹ«¿ª¡£

¸Ã·ì϶ԴÓÚVMware vRealize Log InsightÖжÔÏÈÇ°°ä²¼µÄVMSA-2023-0001ÖеĶà¸ö·ì϶½¨¸´²»¼°£¨½ö×èֹͨ¹ýIP½Ó¼ûThrift ·þÎñ£©£¬µ¼Ö´æÔÚÈƹýVMSA-2023-0001²¹¶¡µÄÉí·ÝÑéÖ¤Èƹý²½Ö衣Ŀǰ¸Ã·ì϶µÄPoCÒѹ«¿ª£¬Í¨¹ýÀÄÓÃIPµØÖ·ºýŪºÍ¸÷ÀàThrift RPC¶ËµãÀ´ÊµÏÖËÁÒâÎļþдÈ룬³É¹¦ÀûÓÿÉʹÓÃroot ȨÏÞÔ¶³ÌÖ´ÐдúÂë¡£

´Ë±í£¬VMware Aria Operations for LogsÖл¹½¨¸´ÁËÁíÒ»¸ö·´ÐòÁл¯·ì϶£¨CVE-2023-34052£¬CVSSv3ÆÀ·ÖΪ8.1£©£¬¶Ô±¾µØϵͳӵÓзÇÖÎÀí½Ó¼ûȨÏ޵ĶñÒâÐÐΪÕßÄܹ»´¥·¢Êý¾Ý·´ÐòÁл¯£¬´Ó¶øµ¼ÖÂÉí·ÝÑéÖ¤Èƹý¡£


¶þ¡¢Ó°ÏìÁìÓò

VMware Aria Operations for Logs 8.x < 8.14

VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x¡¢4.x

 

Èý¡¢°²È«´ëÊ©

3.1 Éý¼¶°æ±¾

Ä¿Ç°ÕâЩ·ì϶ÒѾ­½¨¸´£¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½ÒÔÏ°汾£º

VMware Aria Operations for Logs 8.x£ºÉý¼¶µ½8.14

VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x¡¢4.x£º²Î¿¼KB95212

ÏÂÔØÁ´½Ó£º

https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_logs/8_14

3.2 һʱ´ëÊ©

ÔÝÎÞ¡£

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£

3.4 ²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2023-0021.html

https://www.horizon3.ai/vmware-aria-operations-for-logs-cve-2023-34051-technical-deep-dive-and-iocs/

https://www.vmware.com/security/advisories/VMSA-2023-0001.html

 


ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-10-25

³õ´Î°ä²¼

 

 

Îå¡¢¸½Â¼

5.1 GA»Æ½ð¼×¼ò½é

GA»Æ½ð¼×³ÉÁ¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢Õ¼ÓÐÆëÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢°²È«¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢°²È«²úÆ·¡¢°²È«·þÎñ½â¾ö¹æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°GA»Æ½ð¼×´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊÓ×¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬Õ¼Óи²¸ÇÈ«¹úµÄÏúÊÛϵͳ¡¢Çþ·ϵͳºÍ¼¼ÊõÖ§³Öϵͳ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐÓ×°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬GA»Æ½ð¼×ÖÂÁ¦ÓÚÌṩӵÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´Ðµİ²È«²úÆ·ºÍ×î¼Ñʵ¼Ê·þÎñ£¬Ô®ÊÖ¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄ°²È«ÐԺͳö²úЧÁ¦£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢°²È«²úÒµÁì¾üÆ·Åƶø²»Ð¸ÖÂÁ¦¡£

5.2 ¹ØÓÚGA»Æ½ð¼×

GA»Æ½ð¼×°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑ°ä²¼1000¶à¸ö·ì϶¹«¸æ΢·çÏÕÔ¤¾¯£¬ÎÒÃǽ«³ÖÐø¸ú×ÙÈ«Çò×îеÄÍøÂ簲ȫÊÂÎñºÍ·ì϶£¬ÎªÆóÒµµÄÐÅÏ¢°²È«±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png