Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html | Exploit Third Party Advisory VDB Entry |
https://www.vmware.com/security/advisories/VMSA-2023-0018.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2023-08-29T17:36:18.899Z
Updated: 2023-08-29T17:36:18.899Z
Reserved: 2023-05-25T17:21:56.201Z
Link: CVE-2023-34039
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-29T18:15:08.680
Modified: 2024-01-09T02:32:49.600
Link: CVE-2023-34039
JSON object: View
Redhat Information
No data.
CWE