CVE-2023-34039
published 2023-08-29CVE-2023-34039: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with…
PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
63.95%
99.1th percentile
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | aria_operations_for_networks | — | — |
| vmware | aria_operations_for_networks | >= 6.2.0 < 6.11.0 | 6.11.0 |
Detection & IOCsextracted from sources · hover to see the quote
pathhelpers/payloads/cve-2023-34039-keys
bytes
490a00463044022067e174d6c90e92678eaafde6f0a74f822450decf4ed611c0951573f80c54eb4002202d4f477e3bf5b4f30eb7625e538e2025e5534b7e738f6250c0f07d9293159136:922c64590222798bb761d5b6d8e72950
- →Detect SSH authentication attempts using the static/known private key against the 'support' user account on TCP port 22 of VMware Aria Operations for Networks appliances.
- →Flag successful SSH logins as the 'support' (root) user originating from unexpected external sources, as this account should not be accessible via static keys post-patch. ↗
- →Monitor for brute-force SSH key authentication attempts (multiple ConnectWithKey attempts in rapid succession) against port 22 on Aria Operations for Networks hosts, consistent with key-list enumeration.
- →Affected versions are 6.0.0 through 6.10.0; prioritize detection and patching on appliances running these versions as they do not randomize SSH keys on VM initialization. ↗
- ·The Nuclei template uses a pre-condition check to confirm port 22 is open before attempting key bruteforce; scanners or IDS should not rely solely on connection establishment as an indicator — the key authentication success is the true signal.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
vendor_vmware·2023-08-29·CVSS 7.2
CVE-2023-20890 [HIGH] VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
VMSA-2023-0018: VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.
CVEs: CVE-2023-20890, CVE-2023-34039
Affected products: VMware Aria
GHSA
GHSA-hvfm-xp6c-5fc9: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation
ghsa_unreviewed·2023-08-29
CVE-2023-34039 [CRITICAL] CWE-327 GHSA-hvfm-xp6c-5fc9: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
No detection rules found.
Nuclei
VMWare Aria Operations - Remote Code Execution
nuclei·CVSS 9.8
CVE-2023-34039 [CRITICAL] VMWare Aria Operations - Remote Code Execution
VMWare Aria Operations - Remote Code Execution
VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)
Version: All versions from 6.0 to 6.10
Template:
id: CVE-2023-34039
info:
name: VMWare Aria Operations - Remote Code Execution
author: tarunKoyalwar
severity: critical
description: |
VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)
Version: All versions from 6.0 to 6.10
impact: |
Successful exploitation of this vulnerability can lead to remote code execution or a complete system crash.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix this vulnerability.
reference:
- https://github.com/sinsinology/CVE-2023-34039.git
- https://nvd.nist.gov/vuln/detail/CVE
Metasploit
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
metasploit
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.
http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.htmlhttps://www.vmware.com/security/advisories/VMSA-2023-0018.htmlhttp://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.htmlhttps://www.vmware.com/security/advisories/VMSA-2023-0018.html
2023-08-29
Published