VMware discloses critical SSH authentication vulnerability

Target Industry 

Indiscriminate, opportunistic targeting.  

Overview  

VMware Aria Operations for Networks (formerly vRealize Network Insight) has been found to be affected by a critical authentication bypass vulnerability, tracked as CVE-2023-34039 (CVSSv3 score: 9.8). Exploitation of the flaw is likely to enable data exfiltration from target systems, which could in turn lead to the deployment of malware payloads and create lateral movement opportunities for threat actors.

Update: 4th September 2023

Proof-of-Concept (PoC) exploit code has been released for the recently disclosed vulnerability in VMware's Aria Operations for Networks analysis tool, tracked as CVE-2023-34039.

Impact  

Successful exploitation of CVE-2023-34039 could allow remote threat actors to bypass Secure Shell (SSH) authentication and access private endpoints, thereby compromising the integrity of data. 

Vulnerability Detection 

VMware has released a security update addressing CVE-2023-34039 for the affected product versions. Releases that have not received this update remain vulnerable to potential exploitation.

Affected Products 

All VMware Aria 6.x branch versions. 

Update: 4th September 2023

The PoC exploit code targets all VMware Aria Operations for Networks versions from 6.0 to 6.10.

Containment, Mitigations & Remediations 

As of the time of writing, VMware has not provided any workarounds or mitigation strategies. As such, the only way to remediate the issue is to apply the version 6.11 upgrade or apply the KB94152 patch on earlier releases. The steps involved in the upgrade application can be found at the VMware Customer Connect Webpage. 
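To help operators decide which appliances still need the 6.11 upgrade or the KB94152 patch, the following added example (not VMware's or the bulletin's code) triages a constructed inventory against the affected-version range given in this bulletin. The `Appliance` record, the dotted version-string format and the separate tracking of KB94152 status are assumptions, since the bulletin does not state whether the patch changes the version an appliance reports.

```python
from dataclasses import dataclass

# Scope per the bulletin: every 6.x release up to and including 6.10 is affected;
# remediation is the 6.11 upgrade or the KB94152 patch on earlier releases.
AFFECTED_MAJOR = 6
FIXED_VERSION = (6, 11)


@dataclass
class Appliance:
    hostname: str
    version: str            # dotted version as reported by the appliance, e.g. "6.10.0"
    kb94152_applied: bool   # assumed to be tracked by the operator, not derivable from version


def parse_version(version: str) -> tuple:
    """Split a dotted version into integers so that 6.10 sorts after 6.2.

    A plain string comparison would rank "6.10" below "6.2" and mis-triage hosts.
    """
    parts = []
    for token in version.strip().split("."):
        digits = "".join(ch for ch in token if ch.isdigit())  # tolerate suffixes like "0-build"
        if not digits:
            raise ValueError(f"unparseable version: {version!r}")
        parts.append(int(digits))
    return tuple(parts)


def needs_remediation(app: Appliance) -> bool:
    """True when the appliance is in the affected range and carries neither fix."""
    v = parse_version(app.version)
    if v[0] != AFFECTED_MAJOR:
        return False          # bulletin scopes the issue to the 6.x branch only
    if v[:2] >= FIXED_VERSION:
        return False          # 6.11 and later ship the fix
    return not app.kb94152_applied


def triage(appliances) -> list:
    """Return the sorted hostnames that still require the upgrade or the patch."""
    return sorted(a.hostname for a in appliances if needs_remediation(a))


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = [
    Appliance("vrni-01", "6.2.0", False),    # old 6.x, unpatched -> remediate
    Appliance("vrni-02", "6.10.0", False),   # last affected release, unpatched -> remediate
    Appliance("vrni-03", "6.10.0", True),    # KB94152 applied -> covered
    Appliance("vrni-04", "6.11.0", False),   # fixed release -> covered
    Appliance("vrni-05", "5.3.0", False),    # outside the 6.x branch -> out of scope
]

if __name__ == "__main__":
    print(triage(SAMPLE))  # ['vrni-01', 'vrni-02']
```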

Indicators of Compromise 

No specific Indicators of Compromise (IoCs) are available currently. 

Threat Landscape 

VMware holds a significant share of the virtualisation market. Because threat actors generally weigh both the probability of success and the value of the asset when choosing which attack surfaces to focus on, VMware products have become a prime target. As virtual machines are now integral to both personal and business operations, threat actors will continue to exploit vulnerabilities in the associated products in an attempt to extract the sensitive information they hold.

Threat Group 

No attribution to specific threat actors or groups has been identified at the time of writing. 

Mitre Methodologies 

Common Weakness Enumeration (CWE): 

CWE-327 – Use of a Broken or Risky Cryptographic Algorithm 

Further Information 

VMware Advisory 

Summoning Team Blog

Figure: Intelligence Terminology Yardstick showing the likelihood of events.