Security News > 2023 > August > VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)
VMware has patched one critical and one high-severity vulnerability in Aria Operations for Networks, its popular enterprise network monitoring tool.
It could allow an attacker with network access to Aria Operations for Networks to bypass SSH authentication to gain access to the Aria Operations for Networks command-line interface.
CVE-2023-20890 is an arbitrary file write vulnerability that could allow an authenticated attacker with administrative access to VMware Aria Operations for Networks to write files to arbitrary locations resulting in remote code execution.
Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10 are impacted and, since there are no workarounds, users are urged to update to version 6.11.0 as soon as possible.
In mid-June 2023, VMware has fixed three vulnerabilities in VMware Aria Operations for Networks, one of which was being exploited in the wild.
CVE-2023-20887 is a pre-authentication command injection vulnerability that could allow an attacker with network access to VMware Aria Operations for Networks to perform a command injection attack and remotely execute code.
News URL
https://www.helpnetsecurity.com/2023/08/30/cve-2023-34039/
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)
- Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-29 | CVE-2023-20890 | Path Traversal vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | 7.2 |
| 2023-06-07 | CVE-2023-20887 | Command Injection vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a command injection vulnerability. | 9.8 |