VMware has released security patches to address two critical vulnerabilities in Aria Operations for Networks. The vulnerabilities could allow attackers to bypass authentication and gain remote code execution on unpatched appliances.
Aria Operations for Networks plays a crucial role in monitoring, discovering, and analysing network and application landscapes.
Aria Operations for Networks Authentication Bypass Vulnerability
Tracked as CVE-2023-34039 with a CVSS score of 9.8, this vulnerability can potentially spell disaster. The bug allows an attacker to bypass the usual authentication process and gain unauthorized access. At its core, the CVE-2023-34039 flaw arises from a lapse in unique cryptographic key generation in Aria Operations for Networks.
This is akin to handing the attacker the keys to the kingdom, as they gain unhindered access to the Aria Operations for Networks Command Line Interface (CLI). The implications are dire, as this could compromise sensitive information and jeopardize an organization’s security apparatus.
Aria Operations for Networks Arbitrary File Write Vulnerability
Tracked as CVE-2023-20890 with a CVSS score of 7.2, this bug is by no means less threatening. It allows an authenticated user with administrative access to write files to any location they choose. This arbitrary file write vulnerability is like leaving a side door open: it can be leveraged to achieve remote code execution on the vulnerable device.
If the attacker were to write a malicious file to a location that is executed by the appliance, they could then gain remote code execution on the appliance.
VMware said the vulnerabilities were addressed in VMware Aria Operations for Networks 6.11 and urged customers to update to that version as soon as possible to protect themselves. There’s no evidence of these bugs being exploited in the wild.