Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks

Cyber Security Threat Summary:
VMware recently rolled out security updates to fix two vulnerabilities impacting Aria Operations for Networks, which could enable actors to bypass authentication and execute code remotely. The first flaw, tracked as CVE-2023-34039 received a CVSS score of 9.8 out of 10, indicating a critical level of severity. In particular, this flaw relates to a case of authentication bypass which is caused due to a lack of unique cryptographic key generation. The second flaw tracked as CVE-2023-20890 (CVSS score: 7.2), relates to an arbitrary file write vulnerability that can be exploited by actors with administrative access to write files to arbitrary locations, in turn achieving remote code execution.

Security Officer Comments:
CVE-2023-34039 and CVE-2023-20890 impact VMware Aria Operations Networks versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10 and have been addressed with the release of version 6.11.0. At the moment it is unclear if these flaws were actively exploited in the wild. However, in the past, VMware products have been exploited by foreign adversaries to backdoor Windows and Linux systems. So it won’t be long before threat actors use the latest exploits in potential attacks.

Suggested Correction(s):
With flaws in VMware being exploited by threat actors on a frequent basis, it’s important that users of Aria Operations Networks apply the latest patches as soon as possible.