Critical Vulnerability Affecting VMware Aria Operations for Networks

Published on 31 Aug 2023

VMware has released a security advisory to address a critical vulnerability (CVE-2023-34039) affecting their network monitoring tool, Aria Operations for Networks (formerly vRealise Network Insight). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow an attacker with network access to Aria Operations for Networks to bypass SSH authentication to gain access to the Aria Operations for Networks' Command Line Interface (CLI) and potentially take control of the affected system.

The vulnerability affects VMware Aria Operations Networks versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10.

Users and administrators of affected product versions are advised to upgrade their software to version 6.11.0 immediately.

More information is available at:
https://www.vmware.com/security/advisories/VMSA-2023-0018.html
https://nvd.nist.gov/vuln/detail/CVE-2023-34039
https://kb.vmware.com/s/article/94152