Advisory

VMware addresses critical vulnerabilities in Aria Operations for Networks

Take action: These vulnerabilities were initially not a cause for panic, but patching them was urgent and important. Patch your VMware Aria before the exploit becomes widely used and automated. As of 31st of August, the exploit is published and it became VERY URGENT TO PATCH. All exposed unpatched VMware Aria systems will become another actively exploited product, like the Citrix and Fortinet products in the past two months.



VMware has reported and addressed two critical vulnerabilities affecting VMware Aria Operations for Networks, its network monitoring tool used by enterprises.

The vulnerabilities pose serious threats as they enable attackers to perform authentication bypass and gain unauthorized write access to the application, respectively:

  • CVE-2023-34039 (CVSS3 score 9.8) - Authentication Bypass Vulnerability: This vulnerability stems from a flaw in cryptographic key generation, which leads to a dangerous SSH authentication bypass. Threat actors can exploit this weakness to gain access to the Command Line Interface of Aria Operations for Networks. If successfully exploited, unauthorized individuals can manipulate the application. While no public exploit has been detected thus far, the potential consequences of such an attack are severe.
  • CVE-2023-20890 (CVSS3 score 7.2) - Arbitrary File Write Vulnerability: This vulnerability involves an arbitrary file write flaw that hinges on attackers having administrative privileges within VMware Aria Operations for Networks. In exploiting this vulnerability, threat actors can write files to any location of their choice, thereby opening the door to remote code execution. This vulnerability, although less severe than the authentication bypass, still poses a significant risk. As with the previous vulnerability, no concrete evidence of active exploitation or publicly available exploits has surfaced.

The vulnerabilities affect VMware Aria Operations for Networks versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10, and have been addressed in a series of patches released by VMware for each of the versions. The recommended course of action is for users to update to version 6.11.0, which contains the necessary fixes to mitigate these security risks.
 

Update - On Thursday 31st of August, VMware updated its advisory to confirm that exploit code had been published for the flaw, though it did not give further details.

On 4th of September, a proof-of-concept exploit for CVE-2023-34039 was published. Expect automated exploits soon.
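With exploit code public for the SSH authentication bypass (CVE-2023-34039), one useful check on an appliance that was exposed before patching is to review its sshd log for accepted key-based logins from outside the management network. The following is an added example, not part of VMware's advisory: the log lines, host name, user name, addresses and management range are constructed, and it assumes OpenSSH's standard "Accepted ... for ... from ..." log format and that a bypass would appear as an accepted publickey login.

```python
import ipaddress
import re

# Assumption: networks that are allowed to SSH to the appliance (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# OpenSSH success line:
#   Accepted <method> for <user> from <ip> port <n> ssh2[: <keytype> <fingerprint>]
ACCEPTED = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
    r"(?: ssh2(?:: (?P<keytype>\S+) (?P<fp>\S+))?)?"
)

# Constructed sample log; fingerprints are placeholders, not real indicators.
SAMPLE_LOG = """\
Sep  1 02:11:09 aria-net sshd[4121]: Accepted publickey for admin from 10.20.0.15 port 50122 ssh2: RSA SHA256:CONSTRUCTEDFINGERPRINTAAAA
Sep  1 02:14:40 aria-net sshd[4188]: Failed password for invalid user test from 203.0.113.77 port 41822 ssh2
Sep  1 02:14:52 aria-net sshd[4190]: Accepted publickey for admin from 203.0.113.77 port 41830 ssh2: RSA SHA256:CONSTRUCTEDFINGERPRINTBBBB
Sep  1 03:02:01 aria-net sshd[4302]: Accepted password for admin from 10.20.0.15 port 50301 ssh2
"""

def is_management(ip_text):
    """True if the source address lies inside an allowed management network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparsable source is treated as untrusted
    return any(ip in net for net in MGMT_NETS)

def suspicious_logins(log_text):
    """Return accepted publickey logins whose source is outside MGMT_NETS."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m["method"] != "publickey":
            continue  # failed attempts and password logins are out of scope here
        if not is_management(m["ip"]):
            findings.append({"user": m["user"], "ip": m["ip"],
                             "fingerprint": m["fp"], "line": line})
    return findings

if __name__ == "__main__":
    for hit in suspicious_logins(SAMPLE_LOG):
        print(f"REVIEW: {hit['user']} from {hit['ip']} key {hit['fingerprint']}")
```

Any hit on an unpatched appliance warrants incident-response follow-up; a clean result only covers the period the retained logs span.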
