Security News > 2023 > September > PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
Proof-of-concept exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks.
"A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," VMware said earlier this week.
Summoning Team's Sina Kheirkhah, who published the PoC following an analyzing the patch by VMware, said the root cause can be traced back to a bash script containing a method named refresh ssh keys(), which is responsible for overwriting the current SSH keys for the support and ubuntu users in the authorized keys file.
VMware's latest fixes also address CVE-2023-20890, an arbitrary file write vulnerability impacting Aria Operations for Networks that could be abused by an adversary with administrative access to write files to arbitrary locations and achieve remote code execution.
The release of the PoC coincides with the virtualization technology giant issuing fixes for an high-severity SAML token signature bypass flaw across several Windows and Linux versions of VMware Tools.
"A malicious actor with man-in-the-middle network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations," the company said in an advisory released Thursday.
News URL
https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html
Related news
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- QNAP warns of critical auth bypass flaw in its NAS devices (source)
- Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-29 | CVE-2023-20890 | Path Traversal vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | 7.2 |