Warning: Vulnerabilities in VMware Aria Operations for Networks

Published : 08/09/2023

Reference:
Advisory #2023-0103

Version:
1.0

Affected software:
VMware Aria Operations for Networks 6.x

Type:
SSH authentication bypass (for CVE-2023-34039) and arbitrary file write resulting in remote code execution (for CVE-2023-20890)

CVE/CVSS:

CVE-2023-34039

CVE-2023-20890

Sources

https://www.vmware.com/security/advisories/VMSA-2023-0018.html

Risks

VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes data that flows through the network.

Both CVE-2023-34039 and CVE-2023-20890 have low attack complexity and neither vulnerability requires user interaction.

Exploitation of CVE-2023-34039 can bypass SSH authentication to gain access to the Aria Operations for Networks CLI. An attacker could then remotely execute code as a system administrator to create, read, update or delete data resulting in a high impact on confidentiality, integrity and availability.

A proof-of-concept (PoC) exploit code would already have been made available.

Description

CVE-2023-34039: Aria Operations for Networks contains an authentication bypass vulnerability.
CVE-2023-20898: Aria Operations for Networks contains an arbitrary file write vulnerability.

Recommended Actions

The Centre for Cyber security Belgium strongly recommends system administrators to visit VMWare's download page to apply the necessary patches: https://kb.vmware.com/s/article/94152

References

https://nvd.nist.gov/vuln/detail/CVE-2023-34039

https://nvd.nist.gov/vuln/detail/CVE-2023-20890