Warning: Vulnerabilities in VMware Aria Operations for Networks
Reference: Advisory #2023-0103
Version: 1.0
Affected software: VMware Aria Operations for Networks 6.x
Type: SSH authentication bypass (for CVE-2023-34039) and arbitrary file write resulting in remote code execution (for CVE-2023-20890)
CVE/CVSS: CVE-2023-34039, CVE-2023-20890
Date: 08/09/2023
Sources
https://www.vmware.com/security/advisories/VMSA-2023-0018.html
Risks
VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes data that flows through the network.
Both CVE-2023-34039 and CVE-2023-20890 have low attack complexity and neither vulnerability requires user interaction.
By exploiting CVE-2023-34039, an attacker can bypass SSH authentication and gain access to the Aria Operations for Networks CLI. An attacker could then remotely execute code as a system administrator to create, read, update or delete data, resulting in a high impact on confidentiality, integrity and availability.
Proof-of-concept (PoC) exploit code has reportedly already been made available.
Description
CVE-2023-34039: Aria Operations for Networks contains an authentication bypass vulnerability.
CVE-2023-20890: Aria Operations for Networks contains an arbitrary file write vulnerability.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends that system administrators visit VMware's download page and apply the necessary patches: https://kb.vmware.com/s/article/94152