Arctic Wolf Security Bulletin

Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks: CVE-2023-34039

VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) that could result in a threat actor gaining access to the Aria Operations for Networks CLI. Find Arctic Wolf’s recommendations for remediation in our latest security bulletin.

On Tuesday, August 29, 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks (formerly known as vRealize Network Insight) that could result in a threat actor gaining access to the Aria Operations for Networks CLI by bypassing SSH authentication.

The vulnerability was responsibly disclosed to VMware and has not been actively exploited in campaigns. Furthermore, we have not identified a public proof of concept (PoC) exploit for CVE-2023-34039. However, threat actors have historically leveraged a VMware Aria Operations for Networks command injection vulnerability () to obtain remote code execution, according to CISA's Known Exploited Vulnerabilities Catalog.

In addition to CVE-2023-34039, VMware disclosed one other vulnerability that impacts the same VMware Aria Operations for Networks version.

  • CVE-2023-20890 (CVSS 7.2): Arbitrary File Write Vulnerability

VMware Aria Operations for Networks

Affected Versions    Fixed Version
6.x                  6.11 ()
6.2.0                Build number:
6.3.0                Build number:
6.4.0                Build number:
6.5.1                Build number:
6.6.0                Build number:
6.7.0                Build number:
6.8.0                Build number:
6.9.0                Build number:
6.10.0               Build number:

CVE-2023-34039 Recommendation: Upgrade VMware Aria Operations for Networks to 6.11 or a Fixed Build Number

Arctic Wolf strongly recommends upgrading VMware Aria Operations for Networks to 6.11 or a fixed build number to prevent potential exploitation.

The upgrade package can be found in VMware's Customer Connect portal here:

Please follow your organization's patching and testing guidelines to avoid operational impact.
