VMware Aria Vulnerability Allows Remote Takeover


A critical vulnerability has been discovered in VMware's Aria Operations for Networks analysis tool, previously known as vRealize Network Insight. The vulnerability, tracked as CVE-2023-34039, allows remote attackers to bypass SSH authentication and gain access to the tool's command line interface without user interaction.

The vulnerability is caused by a hardcoded SSH key that is used by all versions of Aria Operations for Networks from 6.0 to 6.10. An attacker can exploit this vulnerability by using the PoC code to generate a malicious SSH packet that will be accepted by the Aria Operations for Networks server. Once the attacker has gained access to the CLI, they can execute arbitrary commands on the device, including installing malware or stealing data.

VMware has released patches for this vulnerability, but it is important that users apply the updates as soon as possible to protect themselves from attack. The PoC exploit code has been released online, so it is only a matter of time before it is used by attackers to exploit the vulnerability in the wild.

In addition to CVE-2023-34039, VMware has also patched another vulnerability (CVE-2023-20890) that could allow attackers to gain remote code execution after obtaining admin access to the appliance.

Administrators are strongly advised to update their Aria Operations for Networks appliances to the latest version as soon as possible as a preventive measure against potential incoming attacks.

This is the third critical vulnerability in VMware's Network Insight products in the past two months. In July, VMware warned customers that exploit code was released online for a critical RCE flaw (CVE-2023-20864) in the VMware Aria Operations for Logs analysis tool, patched in April.

One month earlier, the company issued another alert regarding the active exploitation of another Network Insight critical bug (CVE-2023-20887) that can lead to remote command execution attacks.

The frequency of critical vulnerabilities being found in VMware's Network Insight products is a cause for concern. Administrators should closely monitor VMware's security advisories and apply patches as soon as they are available to protect their networks from attack.

Key points:

  • The vulnerability is critical and could allow attackers to gain full control of vulnerable systems.
  • The vulnerability has been patched, but users should apply the patches as soon as possible.
  • The vulnerability is not limited to a specific version of Aria Operations for Networks, so all users should update to the latest version.
  • VMware has a history of security vulnerabilities in its Network Insight products, so users should be vigilant about applying security patches.