overview
This week, VMware fixed two vulnerabilities found in Aria Operations for Networks. According to VMware, the first vulnerability, CVE-2023-34039, has a CVSS score of 9.8 and is an authentication bypass vulnerability due to lack of unique cryptographic key generation. The second vulnerability, CVE-2023-20890, has a CVSS score of 7.2 and is an arbitrary write file vulnerability.
According to VMware’s advisory, CVE-2023-34039 is critical and could allow attackers with network access to Aria Operations for Networks to bypass SSH authentication, ultimately gaining access to the Aria Operations for Networks CLI.
CVE-2023-20890 is a high-severity vulnerability and attackers with administrative privileges can exploit it to write files in any location and achieve remote code execution. Both vulnerabilities impact the following VMware Aria Operations for Networks versions:
VMware has addressed CVE-2023-34039 and CVE-2023-20890 with patches for each of the above versions. VMware security issues are an attractive target for cybercriminals. Avertium recommends that users update to the latest version of Aria Operations for Networks as soon as possible.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-34039 or CVE-2023-20890. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.SUPPORTING DOCUMENTATION