Security News > 2023 > September > Exploit released for critical VMware SSH auth bypass vulnerability

Exploit released for critical VMware SSH auth bypass vulnerability
2023-09-01 20:21

Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool.

Today, VMware confirmed that CVE-2023-34039 exploit code has been published online, two days after disclosing the critical security bug.

The proof-of-concept exploit targets all Aria Operations for Networks versions from 6.0 to 6.10, and it was developed and released by Summoning Team vulnerability researcher Sina Kheirkhah.

In July, VMware warned customers that exploit code was released online for a critical RCE flaw in the VMware Aria Operations for Logs analysis tool, patched in April.

VMware Aria vulnerable to critical SSH authentication bypass flaw.

VMware warns of exploit available for critical vRealize RCE bug.


News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-vmware-ssh-auth-bypass-vulnerability/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-29 CVE-2023-34039 Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
network
low complexity
vmware CWE-327
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591