VMware, a leading multi-cloud service provider, has issued a security advisory regarding a critical vulnerability impacting its VMware Aria Operations for Networks, previously known as vRealize Network Insight. According to the advisory, this vulnerability has been determined as a security risk with high severity, potentially enabling remote attackers to bypass SSH (Secure Shell) authentication, thus gaining unauthorised access to private endpoints.
VMware Aria serves as the company’s multifaceted suite tailored for the management and monitoring of virtualised environments and hybrid cloud infrastructures. It consolidates multiple essential VMware services that were previously separated, such as vRealize Operations, vRealize Automation, vRealize Network Insight, and CloudHealth into a unified Aria Hub console. This centralised console provides users with a single point for viewing and managing their entire multi-cloud environment. It includes extensive capabilities for facilitating system security, capacity planning, log management, IT automation, analytics generation, and comprehensive operations management.
According to the report, the vulnerability, tracked as CVE-2023-34039, has been rated with a CVSS v3 score of 9.8, categorising it as “critical.” The flaw, identified by Project Discovery Research, poses a substantial security issue across all Aria 6.x branch versions. In response, VMware issued a security advisory to address this pressing issue.
VMware’s advisory underscores the risk posed by exploitation of the vulnerability. It states that “Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.”
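The advisory attributes the bypass to "a lack of unique cryptographic key generation". As an added example (not code from VMware's advisory or from this article), the sketch below audits for that class of weakness in general: the same SSH public key being trusted on more than one host. It assumes OpenSSH `authorized_keys`-style lines have already been collected per host; the host names and key blobs are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Yield (key_type, fingerprint) per key line; options and comments are ignored."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                try:
                    yield field, fingerprint(fields[i + 1])
                except ValueError:  # malformed base64: skip the line, keep auditing
                    pass
                break

def shared_keys(inventory):
    """Map fingerprint -> sorted hosts, for keys trusted on more than one host."""
    seen = defaultdict(set)
    for host, text in inventory.items():
        for _key_type, fp in parse_keys(text):
            seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def _fake_key(seed):
    # Constructed placeholder blob for the demo, not real key material.
    return base64.b64encode(b"constructed-key-" + seed).decode()

SHARED = _fake_key(b"shared")
# Constructed inventory: hypothetical hosts and their authorized_keys content.
SAMPLE = {
    "appliance-a": f"ssh-ed25519 {SHARED} support@image\n",
    "appliance-b": f"no-pty ssh-ed25519 {SHARED} support@image\n"
                   f"ssh-ed25519 {_fake_key(b'unique-b')} admin@b\n",
    "appliance-c": f"# local only\nssh-ed25519 {_fake_key(b'unique-c')} admin@c\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE).items():
        print(f"{fp} is trusted on {len(hosts)} hosts: {', '.join(hosts)}")
```

A key that turns up on every deployment of the same appliance image is the signal worth investigating; keys shared deliberately (for example, a central administration key) will also be reported and need to be triaged by hand.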
Malicious exploitation of the vulnerability could lead to severe repercussions, for instance, data manipulation or exfiltration via the product’s command line interface. Depending on the network configuration, the flaw can result in malware installations, network disruptions, unauthorised configuration alterations, and lateral movement within the network.
Customers are urged to upgrade to Aria version 6.11, which includes fixes for the CVE-2023-34039 vulnerability ensuring a secure environment. The company has provided the KB94152 patch as a temporary solution for users who cannot immediately upgrade to Aria version 6.11. This patch should be applied to earlier releases to secure your environment.
The same patch also addresses another high-severity security flaw, tracked as CVE-2023-20890, with a maximum CVSSv3 base score of 7.2. According to the advisory issued by VMware, this vulnerability could allow “an authenticated malicious actor with administrative access to VMware Aria Operations for Networks” to “write files to arbitrary locations resulting in remote code execution.”
Because this software is deployed by large organisations with valuable assets, cyberattackers are quick to exploit critical vulnerabilities affecting these products.
Organisations are urged to integrate vulnerability intelligence with their vulnerability and threat management strategy. A real-time, automated, and AI-powered vulnerability intelligence solution such as Prism Platform by Rootshell Security not only identifies issues, but also zeroes in on security vulnerabilities in software that are being actively exploited.
Sohela is an electrical engineer and a self-professed writer with a keen interest in all things tech. When she’s not writing killer content pieces, you’ll find her enjoying tempting foods in her favourite restaurants.