www.belgium.be Logo of the federal government

Warning: Vulnerabilities in VMware Aria Operations for Networks

Reference: 
Advisory #2023-0103
Version: 
1.0
Affected software: 
VMware Aria Operations for Networks 6.x
Type: 
SSH authentication bypass (for CVE-2023-34039) and arbitrary file write resulting in remote code execution (for CVE-2023-20890)
CVE/CVSS: 
CVE-2023-34039
CVE-2023-20890

Sources

https://www.vmware.com/security/advisories/VMSA-2023-0018.html

Risks

VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes data that flows through the network.
Both CVE-2023-34039 and CVE-2023-20890 have low attack complexity and neither vulnerability requires user interaction.
Exploitation of CVE-2023-34039 can bypass SSH authentication to gain access to the Aria Operations for Networks CLI.  An attacker could then remotely execute code as a system administrator to create, read, update or delete data resulting in a high impact on confidentiality, integrity and availability.
A proof-of-concept (PoC) exploit code would already have been made available.

Description

CVE-2023-34039: Aria Operations for Networks contains an authentication bypass vulnerability.
CVE-2023-20898: Aria Operations for Networks contains an arbitrary file write vulnerability.

Recommended Actions

The Centre for Cyber security Belgium strongly recommends system administrators to visit VMWare's download page to apply the necessary patches: https://kb.vmware.com/s/article/94152

References