Virtualization vendor VMware has released software patches to address two security vulnerabilities in its Aria Operations for Networks software [1].
Description
The first vulnerability [1] [3] [4] [6] [7] [8], known as CVE-2023-34039 [2], is a critical authentication bypass flaw that allows remote hackers to bypass SSH authentication and access private endpoints [5]. This vulnerability [1] [2] [3] [4] [5] [6] [7] [8], discovered by researchers from ProjectDiscovery [1], is caused by a lack of unique cryptographic key generation [4]. It enables an attacker with network access to gain unauthorized access to the command-line interface [2] [4].
The second vulnerability [1] [3] [4] [6] [7], CVE-2023-20890 [1] [2] [3] [4] [5] [6] [7] [8], is an arbitrary file write vulnerability that could be exploited to execute remote code in the context of the administrator account [8]. An attacker could then gain privileges to install programs [8], manipulate data [8], or create new accounts with full user rights [8].
These vulnerabilities affect versions 6.2 to 6.10 of VMware Aria Operations Networks [3]. Previous critical vulnerabilities in the Aria Operations for Networks software have been targeted by cybercriminals, prompting CISA to flag these vulnerabilities as well.
If left unpatched, these flaws could potentially provide hackers with access to infrastructure from multiple providers [1]. To protect against these threats, users are advised to update to version 6.11.0 of Aria Operations for Networks, which contains the necessary fixes. There are no known workarounds for either vulnerability [7], so it is important for users to install the provided updates promptly.
Conclusion
These security vulnerabilities pose significant risks to the security and integrity of VMware Aria Operations for Networks software. By promptly updating to version 6.11.0, users can mitigate the potential impacts of these vulnerabilities and protect their infrastructure from unauthorized access. It is crucial for users to prioritize the installation of the provided updates to ensure the continued security of their systems.
References
[1] https://www.dreaded.org/2023/08/30/ai/critical-flaws-in-vmware-aria-network-operations-patched/
[2] https://www.helpnetsecurity.com/2023/08/30/cve-2023-34039/
[3] https://www.linkedin.com/pulse/remote-attacks-pose-threat-vmware-aria-operations
[4] https://allinfosecnews.com/item/vmware-fixes-critical-vulnerability-in-aria-operations-for-networks-cve-2023-34039-2023-08-30/
[5] https://vulnera.com/newswire/critical-ssh-authentication-bypass-vulnerability-detected-in-vmware-aria/
[6] https://thehackernews.com/2023/08/critical-vulnerability-alert-vmware.html
[7] https://angrysysops.com/2023/08/30/vulnerabilities-in-aria-operations-for-networks-what-you-need-to-know-vmsa-2023-0018/
[8] https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-vmware-aria-operations-for-networks-could-allow-for-remote-code-execution_2023-097
