VMware has issued critical software updates to address two significant security vulnerabilities found in Aria Operations for Networks, which could be exploited to bypass authentication and execute remote code.
The most severe vulnerability, identified as CVE-2023-34039, carries a CVSS score of 9.8 and involves an authentication bypass due to inadequate cryptographic key generation. This flaw enables unauthorized users with access to the network to circumvent SSH authentication, ultimately gaining access to the Command-Line Interface (CLI) of Aria Operations for Networks. According to VMware, this issue underscores critical risks that need immediate attention from users. The flaw was discovered by Harsh Jaiswal and Rahul Maini from ProjectDiscovery.
Additionally, the second vulnerability, CVE-2023-20890, has a CVSS score of 7.2 and pertains to an arbitrary file write issue. This vulnerability allows an attacker with administrative access to write files to arbitrary locations, thereby achieving potential remote code execution. The report of this weakness can be attributed to Sina Kheirkhah of Summoning Team, who has previously identified multiple vulnerabilities in the same software suite.
These vulnerabilities affect multiple versions of VMware Aria Operations Networks, specifically versions 6.2 through 6.10. VMware has released a series of patches for each affected version, including version 6.11.0, which incorporates fixes for both issues. The organization has urged its users to upgrade promptly to mitigate risks associated with these critical vulnerabilities.
Given the historical context of VMware-related exploits being a focal point for cyber adversaries, it is imperative for business owners to prioritize these updates to protect their systems against potential threats. Utilizing frameworks such as the MITRE ATT&CK can provide insight into potential tactics employed during these exploits, including initial access through bypass techniques and privilege escalation via file write vulnerabilities.
In light of these developments, businesses are encouraged to maintain vigilant cybersecurity practices, ensuring not only timely updates but also robust security measures to detect and respond to issues effectively.
