Critical Security Vulnerabilities in VMware Aria Operations for Networks Addressed in Latest Updates

by | Aug 30, 2023 | News

Critical Security Vulnerabilities in VMware Aria Operations

Post Views: 127

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 3 Minutes

VMware has taken swift action to rectify two security vulnerabilities present in Aria Operations for Networks software, addressing the potential risks of authentication bypass and remote code execution.

Critical vulnerabilities 

The most critical of the identified vulnerabilities, labeled CVE-2023-34039 (CVSS score: 9.8), stems from a deficiency in unique cryptographic key generation, leading to authentication bypass. An attacker with network access to Aria Operations for Networks could exploit this flaw to evade SSH authentication and gain unauthorized entry to the Aria Operations for Networks CLI. This discovery is credited to the efforts of researchers Harsh Jaiswal and Rahul Maini from ProjectDiscovery.

See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses

The second security weakness, designated as CVE-2023-20890 (CVSS score: 7.2), involves an arbitrary file write vulnerability affecting Aria Operations for Networks. This vulnerability could be exploited by an adversary with administrative access, enabling them to write files to various locations and potentially achieve remote code execution. Sina Kheirkhah from the Summoning Team is acknowledged for reporting this vulnerability. It’s worth noting that Kheirkhah had previously uncovered multiple flaws in the same product, including CVE-2023-20887, which was exploited by threat actors in the wild in June 2023.

VMware released patches addressing the vulnerabilities

The impacted versions of VMware Aria Operations Networks include 6.2 to 6.10. To address these vulnerabilities, VMware has released a series of patches corresponding to each version. Notably, version 6.11.0 includes comprehensive fixes for both of these flaws.

Trending: The Remarkable Journey of Dave Kennedy as a Cyber Security Innovator

Trending: Offensive Security Tool: BruteSpray

Given the historical attractiveness of security issues in VMware as a target for malicious actors, it is imperative for users to swiftly update to the latest version of Aria Operations for Networks. By doing so, users can effectively fortify their systems against potential threats and ensure the security of their environments.

Trending: Kali Linux 2023.3 Release: Enhanced Infrastructure, Revamped Kali Autopilot, and 9 Tool Additions

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: thehackernews.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This