CVE-2023-34039

CVSS 9.8 CRITICALEPSS 63.9%

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · Aria Operations for Networks

public PoCs found — 7

githubgithub.com/sinsinology/CVE-2023-34039★ 97 githubgithub.com/Cyb3rEnthusiast/CVE-2023-34039★ 3 githubgithub.com/syedhafiz1234/CVE-2023-34039★ 1 githubgithub.com/CharonDefalt/CVE-2023-34039★ 0 githubgithub.com/adminxb/CVE-2023-34039★ 0 cve_referencepacketstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.htmlunverified cve_referencepacketstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html https://www.vmware.com/security/advisories/VMSA-2023-0018.html