Sep 15, 2023, 11:11 AM
VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could allow remote attackers to bypass SSH authentication and access private endpoints.
VMware Aria is a suite for managing and monitoring virtualized environments and hybrid clouds, enabling IT automation, log management, analytics generation, network visibility, security and capacity planning, and full-scope operations management.
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight).
The flaw (tracked as CVE-2023-34039) was found by security analysts at ProjectDiscovery Research and patched by VMware with the release of version 6.11.
Successful exploitation enables remote attackers to bypass SSH authentication on unpatched appliances and access the tool's command line interface in low-complexity attacks that don't require user interaction because of what the company describes as "a lack of unique cryptographic key generation."
https://raw.githubusercontent.com/sinsin...in/poc.gif
To mitigate the flaw, VMware "highly recommends" applying security patches for Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10 available on this support document.
VMware confirmed that CVE-2023-34039 exploit code has been published online, two days after disclosing the critical security bug.
The proof-of-concept (PoC) exploit targets all Aria Operations for Networks versions from 6.0 to 6.10, and it was developed and released by Summoning Team vulnerability researcher Sina Kheirkhah.
Kheirkhah said that the root cause of the issue are hardcoded SSH keys left after VMware forgot to regenerate SSH authorized keys.
"Each version of VMware's Aria Operations for Networks has a unique SSH key. To create a fully functional exploit, I had to collect all the keys from different versions of this product," Kheirkhah said.
GitHub: https://github.com/sinsinology/CVE-2023-34039
Original Post: https://summoning.team/blog/vmware-vreal...023-34039/
VMware Aria is a suite for managing and monitoring virtualized environments and hybrid clouds, enabling IT automation, log management, analytics generation, network visibility, security and capacity planning, and full-scope operations management.
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight).
The flaw (tracked as CVE-2023-34039) was found by security analysts at ProjectDiscovery Research and patched by VMware with the release of version 6.11.
Successful exploitation enables remote attackers to bypass SSH authentication on unpatched appliances and access the tool's command line interface in low-complexity attacks that don't require user interaction because of what the company describes as "a lack of unique cryptographic key generation."
https://raw.githubusercontent.com/sinsin...in/poc.gif
To mitigate the flaw, VMware "highly recommends" applying security patches for Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10 available on this support document.
VMware confirmed that CVE-2023-34039 exploit code has been published online, two days after disclosing the critical security bug.
The proof-of-concept (PoC) exploit targets all Aria Operations for Networks versions from 6.0 to 6.10, and it was developed and released by Summoning Team vulnerability researcher Sina Kheirkhah.
Kheirkhah said that the root cause of the issue are hardcoded SSH keys left after VMware forgot to regenerate SSH authorized keys.
"Each version of VMware's Aria Operations for Networks has a unique SSH key. To create a fully functional exploit, I had to collect all the keys from different versions of this product," Kheirkhah said.
GitHub: https://github.com/sinsinology/CVE-2023-34039
Original Post: https://summoning.team/blog/vmware-vreal...023-34039/