As per reports, VMware has been reported with two critical vulnerabilities that could allow threat actors to perform an authentication bypass and gain arbitrary write access on VMware Aria Operations for Networks.
Enterprises use VMware Aria Operations for Networks to build a highly available, optimized, and secure infrastructure that performs across multiple cloud environments. VMware has acted quickly and addressed these vulnerabilities.
Authentication Bypass Vulnerability (CVE-2023-34039)
This vulnerability exists due to the lack of unique cryptographic key generation, leading to an SSH authentication bypass resulting in gaining access to the Command Line Interface of Aria Operations for Networks. The CVSS Score for this vulnerability is given as 9.8 (Critical).
Once threat actors gain access to the Command Line Interface of VMware Aria Operations for Networks, they can perform malicious actions on the application. However, there is no evidence for a publicly available exploit for this vulnerability.
Arbitrary File Write Vulnerability (CVE-2023-20890)
This vulnerability can be exploited by a threat actor who has administrative privileges to VMware Aria Operations for networks. The threat actor can write files to arbitrary locations, which could result in remote code execution. The CVSS Score for this vulnerability has been given as 7.2 (High).
The component affected by this vulnerability has been reported as a File handler. As per the MITRE report, this has been categorized as CWE-287: Improper Authentication. There has been no evidence to propose the current exploitation of this vulnerability nor a publicly available exploit.
VMware Aria Operations for Networks prior to version 6.11 are not affected by these vulnerabilities. Users of these products are recommended to follow the Knowledge Base KB94152 released by VMware as part of fixing these vulnerabilities.
Source: https://cybersecuritynews.com/vmware-aria-operations-flaw/
