
Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks: CVE-2023-34039

VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) that could result in a threat actor gaining access to the Aria Operations for Networks CLI. Find Arctic Wolf’s recommendations for remediation.

On Tuesday 29 August 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks (formerly known as vRealize Network Insight) that could result in a threat actor gaining access to the Aria Operations for Networks CLI by bypassing SSH authentication.

The vulnerability was responsibly disclosed to VMware and has not been actively exploited in campaigns. Furthermore, we have not identified a public proof of concept (PoC) exploit for CVE-2023-34039. However, threat actors have historically leveraged a VMware Aria Operations for Networks command injection vulnerability (CVE-2023-20887) to obtain remote code execution, according to CISA’s Known Exploited Vulnerabilities Catalog.  

In addition to CVE-2023-34039, VMware disclosed one other vulnerability that impacts the same VMware Aria Operations for Networks version.  

  • CVE-2023-20890 (CVSS 7.2): Arbitrary File Write Vulnerability

VMware Aria Operations for Networks

Affected Versions   Fixed Version
6.x                 6.11 (KB94152)
6.2.0               Build number: 1688977536
6.3.0               Build number: 1688986302
6.4.0               Build number: 1689079386
6.5.1               Build number: 1688974096
6.6.0               Build number: 1688979729
6.7.0               Build number: 1688972173
6.8.0               Build number: 1688989059
6.9.0               Build number: 1688995771
6.10.0              Build number: 1692934256

CVE-2023-34039 Recommendation: Upgrade VMware Aria Operations for Networks to 6.11 or a Fixed Build Number 

Arctic Wolf strongly recommends upgrading VMware Aria Operations for Networks to 6.11 or a fixed build number to prevent potential exploitation.  

The upgrade package can be found in VMware’s Customer Connect portal here: https://kb.vmware.com/s/article/94152  

Please follow your organisation's patching and testing guidelines to avoid operational impact.
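
The affected-version table and the recommendation above can be applied across an appliance inventory with a short script. The following Python is an added example, not Arctic Wolf's or VMware's code: the hostnames, the sample builds, the CSV layout and the status labels are constructed, and it assumes build numbers only increase within a release.

```python
import csv
import io

# Fixed build per affected release, copied from the bulletin's table.
FIXED_BUILDS = {
    "6.2.0": 1688977536, "6.3.0": 1688986302, "6.4.0": 1689079386,
    "6.5.1": 1688974096, "6.6.0": 1688979729, "6.7.0": 1688972173,
    "6.8.0": 1688989059, "6.9.0": 1688995771, "6.10.0": 1692934256,
}
FIXED_RELEASE = (6, 11)  # 6.11 is the fixed release named in the bulletin

# Constructed sample inventory: hostnames and builds are illustrative only.
SAMPLE_INVENTORY = """host,version,build
ni-platform-01,6.10.0,1692934256
ni-collector-02,6.8.0,1680000000
ni-platform-03,6.5.0,1670000000
ni-platform-04,6.11.0,1693000000
"""

def triage(version: str, build: int) -> str:
    """Classify one appliance against the bulletin's table."""
    try:
        parts = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return "unknown"              # version string could not be parsed
    if parts[0] != 6:
        return "not-covered"          # the bulletin only lists 6.x
    if parts[:2] >= FIXED_RELEASE:
        return "fixed"                # 6.11 or a later 6.x release
    fixed_build = FIXED_BUILDS.get(".".join(map(str, parts)))
    if fixed_build is None:
        return "upgrade-to-6.11"      # 6.x release with no fixed build listed
    # Assumption: build numbers only increase within a release.
    return "fixed" if build >= fixed_build else "needs-fixed-build"

def triage_inventory(text: str) -> dict:
    """Map each host in a host,version,build CSV to its triage status."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: triage(r["version"], int(r["build"])) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A release such as 6.5.0 falls under the "6.x" row but has no fixed build in the table, so the script routes it to the 6.11 upgrade rather than to a build check.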
