Headline
CVE-2023-34039: VMSA-2023-0018
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Advisory ID: VMSA-2023-0018
CVSSv3 Range: 7.2 - 9.8
Issue Date: 2023-08-29
Updated On: 2023-08-29 (Initial Advisory)
CVE(s): CVE-2023-34039, CVE-2023-20890
Synopsis: VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
****1. Impacted Products****
- Aria Operations for Networks
****2. Introduction****
Multiple vulnerabilities in Aria Operations for Networks were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
****3a. Aria Operations for Networks Authentication Bypass Vulnerability (CVE-2023-34039)****
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.
A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
To remediate CVE-2023-34039 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
Aria Operations for Networks collectors are impacted by CVE-2023-34039, however, upgrading the platform appliance remediates this issue.
VMware would like to thank Harsh Jaiswal and Rahul Maini at ProjectDiscovery Research for reporting this issue to us.
****3b. Aria Operations for Networks Arbitrary File Write Vulnerability (CVE-2023-20890)****
Aria Operations for Networks contains an arbitrary file write vulnerability. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.2.
An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
To remediate CVE-2023-20890 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) for reporting this issue to us.
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware Aria Operations Networks
6.x
Any
CVE-2023-34039, CVE-2023-20890
9.8, 7.2
critical
6.11
None
KB94152
****4. References****
****5. Change Log****
2023-08-29 VMSA-2023-0018
Initial security advisory.
****6. Contact****
Related news
VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. “A
VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited to bypass authentication and gain remote code execution. The most severe of the flaws is CVE-2023-34039 (CVSS score: 9.8), which relates to a case of authentication bypass arising as a result of a lack of unique cryptographic key generation. "A