Exploit released for critical VMware SSH auth bypass vulnerability

2023-09-01 20:21

Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool.

Today, VMware confirmed that CVE-2023-34039 exploit code has been published online, two days after disclosing the critical security bug.

The proof-of-concept exploit targets all Aria Operations for Networks versions from 6.0 to 6.10, and it was developed and released by Summoning Team vulnerability researcher Sina Kheirkhah.

In July, VMware warned customers that exploit code was released online for a critical RCE flaw in the VMware Aria Operations for Logs analysis tool, patched in April.

VMware Aria vulnerable to critical SSH authentication bypass flaw.

VMware warns of exploit available for critical vRealize RCE bug.

News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-vmware-ssh-auth-bypass-vulnerability/

#bypass #vmware #vulnerability #exploit #SSH #critical #CVE-2023-34039

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-29	CVE-2023-34039	Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. network low complexity vmware CWE-327 critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Vmware		186	84	404	199	101	788
SSH		7	2	8	4	1	15

News URL

Related news

Related Vulnerability

Related vendor