Authentication Bypass in Aria Operations for Networks by VMware
CVE-2023-34039
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 29 August 2023
Badges
Summary
Aria Operations for Networks faces a significant vulnerability that allows malicious actors with network access to bypass SSH authentication. This is primarily due to the absence of unique cryptographic key generation, which could potentially enable unauthorized access to the command line interface. Organizations utilizing this product are urged to implement immediate security measures to mitigate the risk of exploitation.
Affected Version(s)
Aria Operations for Networks Aria Operations for Networks 6.x
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
Security AffairsCVE-2023-34039PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks
Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks.
1 year ago
Help Net SecurityCVE-2023-34039VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) - Help Net Security
VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in its Aria Operations for Networks.
1 year ago
References
EPSS Score
95% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved