VMware fixes critical security bugs (CVE-2023-34039 & CVE-2023-20890) in Aria Operations for Networks

CVE-2023-34039

VMware, the titan of virtualization software, has once again ensured its commitment to fortifying its products. On Tuesday, a duo of concerning security vulnerabilities targeting the vRealize Network Insight, now rebranded as VMware Aria Operations for Networks, was brought to light.

For those not in the loop, the Aria Operations for Networks is not just any network tool. It’s the spine of many modern enterprises, playing a crucial role in monitoring, discovering, and analyzing network and application landscapes.

CVE-2023-34039

VMware has released security patches to address two critical vulnerabilities in Aria Operations for Networks. The vulnerabilities could allow attackers to bypass authentication and gain remote code execution on unpatched appliances.

CVE-2023-34039: Aria Operations for Networks Authentication Bypass Vulnerability

With a CVSS score teetering at a concerning 9.8, this vulnerability can potentially spell disaster. This bug allows an attacker to swerve around the usual authentication process, granting them unauthorized access. At its core, the CVE-2023-34039 flaw arises from a lapse in the unique cryptographic key generation in the Aria Operations for Networks.

So, what’s the worst that could happen? In simple terms, a hacker with the bare minimum – just network access to Aria Operations for Networks – could bypass the SSH authentication. This is akin to handing them the keys to the kingdom, as they gain unhindered access to the Aria Operations for Networks Command Line Interface (CLI). The implications are dire, as this could compromise sensitive information and jeopardize an organization’s security apparatus.

CVE-2023-20890: Aria Operations for Networks Arbitrary File Write Vulnerability

Though it’s a notch lower in terms of severity with a CVSS score of 7.2, this bug is by no means less threatening. This vulnerability allows an authenticated user, armed with administrative access, to write files at any location they deem fit. This arbitrary file write vulnerability is like leaving a side door open – it can be manipulated to execute remote code on the vulnerable device.

If the attacker were to write a malicious file to a location that is executed by the appliance, they could then gain remote code execution on the appliance.

The company said the vulnerabilities were addressed with VMware Aria Operations Networks 6.11. VMware is urging customers to update to VMware Aria Operations Networks 6.11 as soon as possible to protect themselves from these vulnerabilities. And for those losing sleep over potential exploitation, breathe a sigh of relief – there’s no evidence of these bugs being misused in the wild.