Vmware vRealize network insight RCE CVE 2023-20887

[secureness]

Related to this issue.

I moved the setup guidance to here

[secureness]

@leonardo-doyensec I'm sorry if I should not ping you since this is a really important product I'd like to ask you to check this plugin sooner.
it seems that setting up a VCenter in a local computer without any physical server can be interesting and hard :)
I already used this complete tutorial to set up a home lab on a VMware workstation:
https://www.youtube.com/watch?v=ivTDffsFTHw&list=PLiWivaJb025ZSNxervevLYscEBCkCYuQP

it was a good experience for me, I believe you already know this though.

it would be great if I could get feedback on this ASAP.

[ikkisoft]

Hi @secureness, thank you for your contribution! Can you please submit a testbed for this detector in the https://github.com/google/security-testbeds repo?

[secureness]

hi @ikkisoft
I created the testbed. I also have the vRealize installation OVA files and bundle file and I uploaded it to my server. this is because Broadcom doesn't let to download these files easily( at least with personal email registration) anymore.
It would be great if someone downloaded the files as soon as possible(17GB).

[ikkisoft]

@secureness Thanks for the update, however we need more detailed how-to instructions so that anyone can download the appropriate software/keys and verify the correct functionality of the plugin. Also, it's not sufficient to reference a Youtube video - instead please summarize the minimal number of steps required for a proper setup.

For proprietary software (such as vRealize), we cannot host a copy; instead, the user would need to follow your step-by-step instructions in order to download the target software and setup the appropriate keys / configuration. Thanks!

cc: @leonardo-doyensec