VMware Releases Critical Security Update for VMware Aria Operations for Networks

Summary

Security update addresses an authentication bypass vulnerability and an arbitrary file write vulnerability


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

VMware has released a security update to address two vulnerabilities in VMware Aria Operations for Networks. CVE-2023-34039, which has been assigned a CVSSv3 score of 9.8, is an authentication bypass vulnerability that could allow a malicious attacker with network access to bypass SSH authentication and take control of an affected system.

CVE-2023-20890, which has been assigned a CVSSv3 score of 7.2, is an arbitrary file write vulnerability that could allow an authenticated malicious attacker to write files to arbitrary locations, leading to remote code execution.

Proof-of-concept exploit code published for CVE-2023-34039

VMware is aware of publicly available proof-of-concept exploit code for CVE-2023-34039.


Threat updates

Date | Update
4 Sep 2023 | Proof-of-concept exploit code published for CVE-2023-34039

This cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are encouraged to review the VMware Security Advisory VMSA-2023-0018 and apply any relevant updates.



Last edited: 4 September 2023 12:33 pm