cbcvebase.
CVE-2023-34039
published 2023-08-29

CVE-2023-34039: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with…

PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
63.95%
99.1th percentile
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

Affected

2 ranges
VendorProductVersion rangeFixed in
vmwarearia_operations_for_networks
vmwarearia_operations_for_networks>= 6.2.0 < 6.11.06.11.0

Detection & IOCsextracted from sources · hover to see the quote

pathhelpers/payloads/cve-2023-34039-keys
bytes
490a00463044022067e174d6c90e92678eaafde6f0a74f822450decf4ed611c0951573f80c54eb4002202d4f477e3bf5b4f30eb7625e538e2025e5534b7e738f6250c0f07d9293159136:922c64590222798bb761d5b6d8e72950
  • Detect SSH authentication attempts using the static/known private key against the 'support' user account on TCP port 22 of VMware Aria Operations for Networks appliances.
  • Flag successful SSH logins as the 'support' (root) user originating from unexpected external sources, as this account should not be accessible via static keys post-patch.
  • Monitor for brute-force SSH key authentication attempts (multiple ConnectWithKey attempts in rapid succession) against port 22 on Aria Operations for Networks hosts, consistent with key-list enumeration.
  • Affected versions are 6.0.0 through 6.10.0; prioritize detection and patching on appliances running these versions as they do not randomize SSH keys on VM initialization.
  • ·The Nuclei template uses a pre-condition check to confirm port 22 is open before attempting key bruteforce; scanners or IDS should not rely solely on connection establishment as an indicator — the key authentication success is the true signal.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.