Critical SSH Authentication Bypass Vulnerability Detected in VMware Aria

August 30, 2023

VMware Aria Operations for Networks, earlier known as vRealize Network Insight, has a critical severity authentication bypass flaw that could enable remote hackers to bypass SSH authentication and access private endpoints.

VMware Aria is a comprehensive suite for managing and monitoring virtualized environments and hybrid clouds. It provides IT automation, log management, analytics generation, network visibility, security, capacity planning, and overall operations management.

The company issued a security advisory warning about this flaw, which affects all 6.x branch versions of Aria Operations for Networks. The vulnerability, identified by analysts at ProjectDiscovery Research, is designated as CVE-2023-34039 and has been given a CVSS v3 score of 9.8, categorizing it as 'critical'.

As per VMware's advisory, "Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI."
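The weakness class the advisory names, SSH keys that are not unique per deployment, can be audited from the defender's side by fingerprinting the public keys each host trusts and flagging any key that appears on more than one host. The following is an added example, not code from VMware or the original article; the host names, the `authorized_keys`-style input and the key blobs are constructed placeholders, and where the product actually stores its keys is not stated on this page.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")


def fingerprint(line):
    """Return the OpenSSH-style SHA256 fingerprint of a public key line, or None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        # An options field (e.g. no-pty) may precede the key type.
        if field.startswith(KEY_TYPES):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None  # malformed base64: not a usable key line
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None


def shared_keys(inventory):
    """Map fingerprint -> sorted hosts for keys trusted on more than one host."""
    seen = defaultdict(set)
    for host, text in inventory.items():
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            fp = fingerprint(line)
            if fp:
                seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


def _key(label):
    # Constructed placeholder blob, not a real SSH key.
    return "ssh-ed25519 " + base64.b64encode(label.encode()).decode() + " ops@constructed"


# Constructed inventory: host name -> collected authorized_keys-style text.
SAMPLE = {
    "host-a.example": _key("blob-shared") + "\n" + _key("blob-a-only"),
    "host-b.example": "# provisioning key\n" + _key("blob-shared"),
    "host-c.example": "no-pty " + _key("blob-c-only"),
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE).items():
        print(f"{fp} is trusted on {len(hosts)} hosts: {', '.join(hosts)}")
```

The fingerprints use the same SHA256 format that `ssh-keygen -lf` prints, so a flagged value can be compared directly against keys found elsewhere.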

The exploitation of the CVE-2023-34039 flaw could result in data exfiltration or manipulation via the product's command line interface. Depending on the configuration, this access could lead to network disruption, configuration modification, malware installation, and lateral movement.

The company hasn't offered any workarounds or mitigation recommendations. The only solution to address this critical flaw is to upgrade to version 6.11 or apply the KB94152 patch on earlier releases.

A second vulnerability, CVE-2023-20890, rated high severity (CVSS v3: 7.2), is also addressed by the same patch. This flaw could allow an attacker with administrative access to execute remote code.

Large organizations using this software, which hold valuable assets, are often targeted by hackers who exploit such high-risk vulnerabilities. In June 2023, VMware alerted its customers about the active exploitation of CVE-2023-20887, a remote code execution vulnerability affecting Aria Operations for Networks.

The scanning and exploitation efforts began a week after the security update addressing the issue was released and just two days after a working proof of concept exploit was published. Therefore, any delay in applying the KB94152 patch or upgrading to Aria version 6.11 could leave your network exposed to attack.
