PT-2023-4597 · VMware · VMware Aria Operations for Networks
Harsh Jaiswal +1 · Published 2023-08-29 · Updated 2024-01-17 · CVE-2023-34039
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware Aria Operations for Networks versions 6.0 through 6.10
Description
An authentication bypass vulnerability caused by a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI, and potentially gain remote code execution.
Recommendations
For versions 6.0 through 6.10, update to a patched version to mitigate the vulnerability. As a temporary workaround, consider restricting access to the Aria Operations for Networks CLI to minimize the risk of exploitation. Additionally, ensure that SSH keys are properly managed and unique to prevent unauthorized access.
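One way to check the "unique SSH keys" recommendation across a fleet, as an added example that is not code from this advisory or from VMware: it fingerprints SSH public key lines already collected from each host and reports any key present on more than one. The hostnames and key blobs are constructed placeholders, and how the lines are collected is assumed to be handled elsewhere.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(line):
    """Return the OpenSSH-style SHA256 fingerprint of one public key line,
    or None for blank lines, comments and lines without a parsable key."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:  # skips any leading authorized_keys options
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:  # malformed base64: not a usable key line
                return None
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def find_shared_keys(inventory):
    """Map each fingerprint seen on more than one host to those hosts."""
    seen = defaultdict(set)
    for host, lines in inventory.items():
        for line in lines:
            fp = fingerprint(line)
            if fp:
                seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def placeholder_blob(label):
    # Constructed placeholder bytes standing in for a real key blob.
    return base64.b64encode(label.encode()).decode()

# Constructed inventory: hostnames and key material are illustrative only.
SAMPLE_INVENTORY = {
    "appliance-1": [f"ssh-rsa {placeholder_blob('image-default-key')} support@a1"],
    "appliance-2": ["# deployed from the same image",
                    f"no-pty ssh-rsa {placeholder_blob('image-default-key')} support@a2"],
    "appliance-3": [f"ssh-ed25519 {placeholder_blob('unique-key-3')} support@a3"],
}

if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_INVENTORY).items():
        print(f"key {fp} is shared by: {', '.join(hosts)}")
```

Any fingerprint reported for more than one host means those hosts accept or present the same key pair and should have it regenerated per host.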
Exploit
Fix
Improper Authentication
Use of a Broken Cryptographic Algorithm
Affected products
VMware Aria Operations for Networks