VMware is warning of two SSH authentication vulnerabilities in Aria Operations for Networks. These can allow hackers to bypass SSH authentication and gain access to private endpoints.
Aria Operations for Networks (VMware Aria), formerly vRealize Network Insight, is a suite for managing and monitoring virtual and hybrid cloud environments. It does this by providing IT automation, log management, analytics generation, network insights, security and capacity planning, and complete operations management.
Authentication bypass and remote execution
According to the virtualization giant, the first vulnerability, CVE-2023-34039, is an authentication bypass. It allows hackers to bypass SSH authentication and gain access to endpoints.
These attackers could then use the solution’s CLI to steal or manipulate data. Ultimately, it can also lead to network traffic disruption, configuration modification, malware installation and lateral movement inside an organization’s network.
The second vulnerability found in VMware Aria, CVE-2023-20890, is an arbitrary file write issue that lets attackers who have management access on a target perform remote code execution. It allows them to write files to arbitrary locations in the affected network environments.
No workaround or solution
The vulnerabilities affect all VMware Aria branch versions starting with version 6.x. No workarounds or fixes have been released for these issues. It is recommended that companies using this suite update to version 6.11 or apply the KB94152 patch for earlier versions.
VMware has been plagued by critical vulnerabilities lately. As recently as June of this year, the vulnerability CVE-2023-20887 for VMware Aria was found.