Critical SSH Authentication Bypass Vulnerability Detected in VMware Aria

August 30, 2023

VMware Aria Operations for Networks, earlier known as vRealize Network Insight, has a critical severity authentication bypass flaw that could enable remote hackers to bypass SSH authentication and access private endpoints.

VMware Aria is a comprehensive suite for managing and monitoring virtualized environments and hybrid clouds. It provides IT automation, log management, analytics generation, network visibility, security, capacity planning, and overall operations management.

The company issued a security advisory warning about this flaw that affects all 6.x branch versions of Aria. The vulnerability, identified by analysts at ProjectDiscovery Research, is designated as CVE-2023-34039 and has been given a CVSS v3 scope of 9.8, categorizing it as 'critical'.

As per VMware's advisory, "Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI."

The exploitation of the CVE-2023-34039 flaw could result in data exfiltration or manipulation via the product's command line interface. Depending on the configuration, this access could lead to network disruption, configuration modification, malware installation, and lateral movement.

The company hasn't offered any workarounds or mitigation recommendations. The only solution to address this critical flaw is to upgrade to version 6.11 or apply the KB94152 patch on earlier releases.

A second vulnerability, CVE-2023-20890, which is of high-severity (CVSS v3: 7.2), is also addressed by the same patch. This flaw could allow an attacker with administrative access to execute remote code.

Large organizations using this software, which hold valuable assets, are often targeted by hackers who exploit such high-risk vulnerabilities. In June 2023, VMware alerted its customers about the active exploitation of CVE-2023-20887, a remote code execution vulnerability affecting Aria Operations for Networks.

The scanning and exploitation efforts began a week after the security update addressing the issue was released and just two days after a working proof of concept exploit was published. Therefore, any delay in applying the KB94152 patch or upgrading to Aria version 6.11 could expose your network to significant hacker attacks.

Related News

• Critical Exploit in VMware vRealize: A Call for Urgent Patching
• CISA Updates Known Exploited Vulnerabilities Catalog with Six New Flaws
• Critical VMware vRealize Vulnerability Actively Exploited
• VMware Patches Critical Vulnerability in vRealize Network Analytics Tool

Latest News

• ClamAV Exposed to WinRAR Code Execution Vulnerability (CVE-2023-40477)
• Barracuda Zero-Day Attacks Target US Government Email Servers
• Juniper Firewall Vulnerabilities: Exploit Code Released for Remote Code Execution Attacks
• LockBit 3.0 Ransomware Builder Leaked Online: An Analysis
• Massive MOVEit Hack Affects Nearly 1,000 Organizations and 60 Million Individuals