Mware Aria vulnerable to critical SSH authentication bypass flaw

VMware Aria Operations for Networks, formerly known as vRealize Network Insight, has been identified as vulnerable to a critical authentication bypass flaw. This vulnerability could potentially enable remote attackers to bypass SSH authentication and gain access to private endpoints.

VMware Aria is a comprehensive suite used for managing and monitoring virtualized environments and hybrid clouds. It encompasses various functions such as IT automation, log management, analytics generation, network visibility, security, capacity planning, and complete operations management.

The security advisory, published by VMware, warns of this flaw affecting all Aria 6.x branch versions. This vulnerability, designated as CVE-2023-34039, carries a critical rating with a CVSS v3 score of 9.8.

VMware’s advisory regarding the flaw explains that “Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation.” As a result, a malicious actor with network access to Aria Operations for Networks could potentially bypass SSH authentication and gain unauthorized access to the Aria Operations for Networks CLI.

Exploiting CVE-2023-34039 could have serious consequences, including data exfiltration or manipulation through the product’s command line interface. Depending on the configuration, such unauthorized access could lead to network disruption, configuration changes, malware installation, and lateral movement within the network.

The vendor has not provided any specific workarounds or mitigation recommendations for this vulnerability. To address the critical flaw, the recommended actions are to either upgrade to version 6.11 or apply the KB94152 patch on earlier releases.

To safeguard your system, you can access the appropriate security update package and follow the installation instructions for your specific version on this webpage.

In addition to addressing the critical CVE-2023-34039 flaw, the same patch also resolves a second high-severity issue, CVE-2023-20890, with a CVSS v3 score of 7.2. This vulnerability involves arbitrary file writing, which, if exploited, may enable an attacker with administrative access to execute remote code on the target system.

Considering that this software is widely utilized in large organizations that handle valuable assets, it is crucial to note that cybercriminals are swift to exploit critical vulnerabilities affecting such products.

As an example, in June 2023, VMware issued a warning to its clients about the active exploitation of CVE-2023-20887, a remote code execution vulnerability affecting Aria Operations for Networks. Notably, mass scanning and exploitation activities commenced just one week after the vendor released a security update to address the issue. Furthermore, a working Proof of Concept (PoC) exploit was published merely two days after the update became available.

Given these circumstances, any delay in applying the KB94152 patch or upgrading to Aria version 6.11 could expose your network to significant risks of hacker attacks.