The vulnerability has been determined as a security risk with high severity, potentially enabling remote attackers to bypass SSH (Secure Shell) authentication, thus gaining unauthorised access to private endpoints
Surrey, United Kingdom Sep 4, 2023 (Issuewire.com) - Geeky News--a trusted tech and lifestyle journal--recently reported on the critical vulnerabilities impacting VMware Aria Operations for Networks that have been brought to light. VMware, a prominent multi-cloud service provider, has issued a security advisory regarding this concerning discovery. The vulnerability, classified security risk with high severity, potentially allows remote attackers to bypass SSH (Secure Shell) authentication, thereby gaining unauthorised access to private endpoints.
VMware Aria Operations for Networks, previously known as vRealize Network Insight, serves as VMware's comprehensive suite for managing and monitoring virtualised environments and hybrid cloud infrastructures. It consolidates essential VMware services, such as vRealize Operations, vRealize Automation, vRealize Network Insight, and CloudHealth, into a unified Aria Hub console. This central hub provides users with a singular point for overseeing their entire multi-cloud environment. It encompasses robust features for system security, capacity planning, log management, IT automation, analytics generation, and comprehensive operations management.
The vulnerability in question--tracked as CVE-2023-34039--carries a CVSS v3 score of 9.8, categorising it as "critical." Discovered by Project Discovery Research, this flaw presents a substantial security risk across all Aria 6.x branch versions. In response, VMware promptly issued a security advisory to address this pressing issue.
VMware's advisory emphasises the inherent risk associated with the exploitation of this vulnerability. It states, "Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI."
Exploiting this vulnerability could lead to severe consequences, including data manipulation or exfiltration through the product's command line interface. Depending on network configurations, the flaw may result in malware installations, network disruptions, unauthorised configuration changes, and lateral movement within the network.
To mitigate the risk posed by this vulnerability, customers are strongly urged to upgrade to Aria version 6.11, which includes comprehensive fixes for CVE-2023-34039. VMware has also provided the KB94152 patch as a temporary solution for users who cannot immediately upgrade to Aria version 6.11.
Furthermore, the same patch addresses another high-severity security flaw, identified as CVE-2023-20890, with a maximum CVSSv3 base score of 7.2. According to VMware's advisory, this vulnerability could enable "an authenticated malicious actor with administrative access to VMware Aria Operations for Networks to write files to arbitrary locations, resulting in remote code execution."
Given the significance of these vulnerabilities and their potential impact, large organisations with valuable assets must remain vigilant and proactive in addressing them.
Organisations are encouraged to integrate vulnerability intelligence into their vulnerability and threat management strategies. Real-time, automated, and AI-powered vulnerability intelligence solutions, such as Prism Platform by Rootshell Security, not only identify issues but also pinpoint security vulnerabilities in software that are actively exploited.
For more in-depth information, please read the full article on Geeky News at https://www.geekynews.co.uk/vmware-addressses-multiple-vulnerabilities/
+44 20 3800 1212
Parallel House, 32 London Road Guildford, Surrey
Source :Geeky News
This article was originally published by IssueWire. Read the original article here.