CVE-2023-34039

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html Exploit Third Party Advisory VDB Entry
https://www.vmware.com/security/advisories/VMSA-2023-0018.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*
History

09 Jan 2024, 02:32

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html - () http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html - Exploit, Third Party Advisory, VDB Entry

25 Oct 2023, 18:17

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html -

02 Sep 2023, 15:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html -

31 Aug 2023, 18:32

Type Values Removed Values Added
CPE cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*
References (MISC) https://www.vmware.com/security/advisories/VMSA-2023-0018.html - (MISC) https://www.vmware.com/security/advisories/VMSA-2023-0018.html - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
First Time Vmware
Vmware aria Operations For Networks
CWE CWE-327

29 Aug 2023, 20:41

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-29 18:15

Updated : 2024-01-09 02:32

NVD link : CVE-2023-34039

Mitre link : CVE-2023-34039

CVE.ORG link : CVE-2023-34039

JSON object : View

Products Affected

vmware

  • aria_operations_for_networks
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm