Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-34039

CWE-327 — Broken Cryptographic Algorithm5 documents5 sources

Severity

9.8CRITICAL

EPSS

93.2%

top 0.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware Aria Operations FOR Networks

Timeline

PublishedAug 29

Description

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5aria_operations_for_networksAria Operations for Networks 6.x

▶NVDvmware/aria_operations6.2.0 — 6.11.0

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-34039: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation↗2023-08-29

▶

GHSA

GHSA-hvfm-xp6c-5fc9: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation↗2023-08-29

▶

💥Exploits & PoCs

Nuclei

VMWare Aria Operations - Remote Code Execution

▶

📋Vendor Advisories

VMware

VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)↗2023-08-29

▶