PT-2023-4597 · Vmware · Vmware Aria Operations For Networks
Harsh Jaiswal +1 · Published 2023-08-29 · Updated 2024-01-17 · CVE-2023-34039
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VMware Aria Operations for Networks versions 6.0 through 6.10
Description
The issue is an authentication bypass caused by a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI, and potentially gain remote code execution.
Recommendations
For versions 6.0 through 6.10, update to a patched version to mitigate the vulnerability. As a temporary workaround, consider restricting access to the Aria Operations for Networks CLI to minimize the risk of exploitation. Additionally, ensure that SSH keys are properly managed and unique to prevent unauthorized access.
Exploit
Fix
Improper Authentication
Use of a Broken Cryptographic Algorithm
Related Identifiers
Affected Products
Vmware Aria Operations For Networks