VMware has acted swiftly to address critical security vulnerabilities in its Aria Operations for Networks software. These vulnerabilities could potentially enable malicious actors to bypass authentication measures and gain remote code execution access.
The most severe of these flaws, known as CVE-2023-34039, has a high CVSS score of 9.8 and is caused by a lack of unique cryptographic key generation. This vulnerability could allow an attacker with network access to bypass SSH authentication, gaining unauthorized access to the Aria Operations for Networks CLI.
Another significant vulnerability, CVE-2023-20890, carries a CVSS score of 7.2 and allows an adversary with administrative access to write files to arbitrary locations, potentially achieving remote code execution. Sina Kheirkhah of Summoning Team, known for previous discoveries in the same product, reported this vulnerability.
It’s noteworthy that one of the previously discovered vulnerabilities, CVE-2023-20887, had been actively exploited in the wild in June 2023.These vulnerabilities impact multiple versions of VMware Aria Operations Networks, ranging from version 6.2 to 6.10.
VMware promptly released a series of patches for each affected version, and version 6.11.0 incorporates fixes for these critical flaws. Given the history of security issues in VMware products being attractive targets for threat actors, it is essential for users to take immediate action by updating to the latest version. This proactive measure will provide robust protection against potential security threats, ensuring the security and integrity of their network operations.