VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool.
About the vulnerabilities (CVE-2023-34039, CVE-2023-20890)
CVE-2023-34039 is a network bypass vulnerability arising as a result of a lack of unique cryptographic key generation. It could allow an attacker with network access to Aria Operations for Networks to bypass SSH authentication to gain access to the Aria Operations for Networks command-line interface (CLI).
CVE-2023-20890 is an arbitrary file write vulnerability that could allow an authenticated attacker with administrative access to VMware Aria Operations for Networks to write files to arbitrary locations resulting in remote code execution.
The first vulnerability has been reported by Harsh Jaiswal and Rahul Maini at ProjectDiscovery Research and the second by Sina Kheirkhah of Summoning Team.
There are no indications that the vulnerabilities have been exploited in the wild.
Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10 are impacted and, since there are no workarounds, users are urged to update to version 6.11.0 as soon as possible.
Aria Operations for Networks under attack
In mid-June 2023, VMware has fixed three vulnerabilities in VMware Aria Operations for Networks, one of which was being exploited in the wild (CVE-2023-20887).
CVE-2023-20887 is a pre-authentication command injection vulnerability that could allow an attacker with network access to VMware Aria Operations for Networks to perform a command injection attack and remotely execute code.
Attempts to exploit the flaw started two days after a PoC exploit was published.
UPDATE (September 2, 2023, 05:35 a.m. ET):
Vulnerability researcher Sina Kheirkhah has released a PoC for CVE-2023-34039.