Security News > 2023 > September > Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool.
Today, VMware confirmed that CVE-2023-34039 exploit code has been published online, two days after disclosing the critical security bug.
The proof-of-concept exploit targets all Aria Operations for Networks versions from 6.0 to 6.10, and it was developed and released by Summoning Team vulnerability researcher Sina Kheirkhah.
In July, VMware warned customers that exploit code was released online for a critical RCE flaw in the VMware Aria Operations for Logs analysis tool, patched in April.
VMware Aria vulnerable to critical SSH authentication bypass flaw.
VMware warns of exploit available for critical vRealize RCE bug.
News URL
Related news
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- Ivanti warns of maximum severity CSA auth bypass vulnerability (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- Critical security hole in Apache Struts under exploit (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-29 | CVE-2023-34039 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | 9.8 |