On Tuesday 29 August 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks–formerly known as vRealize Network Insight–that could result in a threat actor gaining access to the Aria Operations for Networks CLI by bypassing SSH authentication.
The vulnerability was responsibly disclosed to VMware and has not been actively exploited in campaigns. Furthermore, we have not identified a public proof of concept (PoC) exploit for CVE-2023-34039. However, threat actors have historically leveraged a VMware Aria Operations for Networks command injection vulnerability (CVE-2023-20887) to obtain remote code execution, according to CISA’s Known Exploited Vulnerabilities Catalog.
In addition to CVE-2023-34039, VMware disclosed one other vulnerability that impacts the same VMware Aria Operations for Networks version.
- CVE-2023-20890 (CVSS 7.2): Arbitrary File Write Vulnerability
VMware Aria Operations for Network | |
Affected Versions | Fixed Version |
6.x | 6.11 (KB94152) |
6.2.0 | Build number: 1688977536 |
6.3.0 | Build number: 1688986302 |
6.4.0 | Build number: 1689079386 |
6.5.1 | Build number: 1688974096 |
6.6.0 | Build number: 1688979729 |
6.7.0 | Build number: 1688972173 |
6.8.0 | Build number: 1688989059 |
6.9.0 | Build number: 1688995771 |
6.10.0 | Build number: 1692934256 |
CVE-2023-34039 Recommendation: Upgrade VMware Aria Operations for Networks to 6.11 or a Fixed Build Number
Arctic Wolf strongly recommends upgrading VMware Aria Operations for Networks to 6.11 or a fixed build number to prevent potential exploitation.
The upgrade package can be found in VMware’s Customer Connect portal here: https://kb.vmware.com/s/article/94152
Please follow your organisations patching and testing guidelines to avoid operational impact.