Two security vulnerabilities in Aria Operations for Networks – CVE-2023-34039 & CVE-2023-20890 – could potentially be exploited to bypass authentication and gain RCE (Remote Code Execution) on unpatched appliances.
In its advisory, VMware said “A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI”. The vulnerabilities have been addressed in a series of patches released by VMware for each of the affected versions.
Here’s what you need to know:
What are CVE-2023-34039 & CVE-2023-20890?
Playing a crucial role in discovering, monitoring, and analyzing network and application landscapes, Aria Operations for Networks is at the very core of many modern enterprises’ functionality. This makes it a well-known target for a variety of attacks performed by different threat actors.
As reported by Harsh Jaiswal and Rahul Maini at ProjectDiscovery Research, CVE-2023-34039 is a vulnerability in Aria Operations for Networks which enables unauthorized access. Scoring a worrisome 9.8 on the CVSS scale, the implications of this vulnerability are far-reaching. It stems from a deficiency in generating unique cryptographic keys, resulting in a network bypass vulnerability.
This flaw has the potential to enable a perpetrator possessing network access to Aria Operations for Networks to circumvent SSH authentication. This, in turn, grants them entry into the Aria Operations for Networks command-line interface (CLI). Essentially, it permits an attacker to circumvent the standard authentication procedure, leading to unauthorized entry.
So, what are the potential outcomes of this vulnerability? Put simply, an attacker armed with only basic requirements – namely, network access to Aria Operations for Networks – can maneuver past SSH authentication. This situation is comparable to granting them unrestricted access to the Aria Operations for Networks Command Line Interface (CLI). The consequences are grave, encompassing the possible compromise of sensitive data and endangering an organization’s security infrastructure.
CVE-2023-20890 was reported by Sina Kheirkhah of Summoning Team, and it is a vulnerability allowing arbitrary file writes. While slightly less severe with a CVSS score of 7.2, CVE-2023-20890 remains highly menacing. This vulnerability allows an authenticated user with administrative privileges to write files to any chosen location. This arbitrary file write susceptibility resembles an unlocked side entrance – one that can be exploited to execute remote code on the vulnerable device.
An attacker crafting a malicious file destined for an executable location within the system could subsequently achieve remote code execution on the system itself.
Do CVE-2023-34039 & CVE-2023-20890 affect me?
These issues affect Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10 and, since there are no workarounds, users are urged to update to version 6.11.0 as soon as possible.
Have CVE-2023-34039 or CVE-2023-20890 been actively exploited in the wild?
For those concerned about potential exploitation, there is currently no evidence of these vulnerabilities being maliciously exploited in the wild.
How to fix CVE-2023-34039 and CVE-2023-20890
The company has addressed these vulnerabilities through the release of VMware Aria Operations for Networks 6.11. VMware strongly advises its customers to swiftly update to version 6.11 of VMware Aria Operations for Networks to shield themselves against these vulnerabilities.
The popular virtualization services provider has announced that version 6.11.0 includes remedies for both of these vulnerabilities. Because security issues in VMware products have always appealed to attackers and threat actors, it’s imperative that users move quickly to update to the latest version.