Security News > 2023 > August > VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)

VMware has patched one critical and one high-severity vulnerability in Aria Operations for Networks, its popular enterprise network monitoring tool.

It could allow an attacker with network access to Aria Operations for Networks to bypass SSH authentication to gain access to the Aria Operations for Networks command-line interface.

CVE-2023-20890 is an arbitrary file write vulnerability that could allow an authenticated attacker with administrative access to VMware Aria Operations for Networks to write files to arbitrary locations resulting in remote code execution.

Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10 are impacted and, since there are no workarounds, users are urged to update to version 6.11.0 as soon as possible.

In mid-June 2023, VMware has fixed three vulnerabilities in VMware Aria Operations for Networks, one of which was being exploited in the wild.

CVE-2023-20887 is a pre-authentication command injection vulnerability that could allow an attacker with network access to VMware Aria Operations for Networks to perform a command injection attack and remotely execute code.

News URL

https://www.helpnetsecurity.com/2023/08/30/cve-2023-34039/