CVE-2023-34039/20890 VMware Aria Operations for Networks Authentication Bypass

Summary
VMware has released updates to address an authentication bypass that may allow an attacker to bypass SSH authentication methods due to the lack of unique cryptographic key generation, allowing the attacker to access the Aria Operations for Networks CLI (command line interface). A remote attacker may be able to leverage this bypass to execute remote code by writing files to arbitrary locations and achieve data exfiltration, lateral movement, and persistence.

This patch also addresses CVE-2023-20890 which is an arbitrary file write vulnerability with a CVSSv3 score of 7.2.

CVE-2023-34039 - Aria Operations for Networks Authentication Bypass Vulnerability

CVSSv3: 9.8

Affected Versions

• VMware Aria Operations for Networks version 6.2 / 6.3 / 6.4 / 6.5 / 6..6 / 6.7 / 6.8 / 6.9 / 6.10

Mitigations

Apply patch for VMware Aria Operations for Networks version 6.11.0

Additional Resources

Patches for specific builds from VMware:
https://kb.vmware.com/s/article/94152
https://nvd.nist.gov/vuln/detail/CVE-2023-34039
https://www.vmware.com/security/advisories/VMSA-2023-0018.html
https://www.bleepingcomputer.com/news/security/vmware-aria-vulnerable-to-critical-ssh-authentication-bypass-flaw/