Security News > 2023 > September > Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool.
Today, VMware confirmed that CVE-2023-34039 exploit code has been published online, two days after disclosing the critical security bug.
The proof-of-concept exploit targets all Aria Operations for Networks versions from 6.0 to 6.10, and it was developed and released by Summoning Team vulnerability researcher Sina Kheirkhah.
In July, VMware warned customers that exploit code was released online for a critical RCE flaw in the VMware Aria Operations for Logs analysis tool, patched in April.
VMware Aria vulnerable to critical SSH authentication bypass flaw.
VMware warns of exploit available for critical vRealize RCE bug.
News URL
Related news
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- QNAP warns of critical auth bypass flaw in its NAS devices (source)
- Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-29 | CVE-2023-34039 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | 9.8 |