VMware discloses critical SSH authentication vulnerability
Target Industry
Indiscriminate, opportunistic targeting.
Overview
VMware Aria Operations for Networks (formerly vRealize Network Insight) is affected by a critical-level authentication bypass vulnerability, tracked as CVE-2023-34039 (CVSSv3 score: 9.8). It is likely that exploitation of the flaw could result in data exfiltration from target systems, which could lead to the deployment of malware payloads as well as lateral movement opportunities for threat actors.
Update: 4th September 2023
Proof-of-Concept (PoC) code has been released for the recently disclosed vulnerability in VMware’s Aria Operations for Networks analysis tool, tracked as CVE-2023-34039.
Impact
Successful exploitation of CVE-2023-34039 could allow remote threat actors to bypass Secure Shell (SSH) authentication and access private endpoints, thereby compromising the integrity of data.
Vulnerability Detection
VMware has released a security update for CVE-2023-34039 relating to the affected product versions. As such, previous versions are now vulnerable to potential exploitation.
Affected Products
All VMware Aria 6.x branch versions.
Update: 4th September 2023
The PoC exploit code targets all VMware Aria Operations for Networks versions from 6.0 to 6.10.
Containment, Mitigations & Remediations
As of the time of writing, VMware has not provided any workarounds or mitigation strategies. As such, the only way to remediate the issue is to upgrade to version 6.11 or apply the KB94152 patch on earlier releases. The steps for applying the upgrade can be found on the VMware Customer Connect webpage.
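The remediation rule above can be applied across an asset inventory to find appliances that still need attention. The following is an added example, not VMware tooling or code from this advisory; the CSV layout, hostnames and status labels are assumptions constructed for illustration.

```python
import csv
import io

FIXED = (6, 11)  # first fixed release named in the advisory

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """hostname,version,kb94152_applied
aria-net-01,6.2.0,no
aria-net-02,6.10.0,yes
aria-net-03,6.11.0,no
aria-net-04,6.9,no
aria-net-05,unknown,no
"""

def parse_version(text):
    """Return (major, minor) as ints, or None when the string is not numeric."""
    parts = text.strip().split(".")
    try:
        return int(parts[0]), int(parts[1])
    except (IndexError, ValueError):
        return None

def classify(version, patched):
    """Map one appliance to fixed / patched / vulnerable / review."""
    v = parse_version(version)
    if v is None:
        return "review"       # version not recorded: check by hand
    # Integer tuples, not strings: "6.9" sorts after "6.11" as text,
    # which would wrongly report 6.9 as already fixed.
    if v >= FIXED:
        return "fixed"
    if v[0] == 6:             # 6.0 to 6.10 are the affected releases
        return "patched" if patched else "vulnerable"
    return "review"           # outside the branch the advisory covers

def triage(csv_text):
    """Return {hostname: status} for every row of the inventory."""
    result = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        patched = row["kb94152_applied"].strip().lower() == "yes"
        result[row["hostname"]] = classify(row["version"], patched)
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Any host reported as "vulnerable" or "review" should be prioritised for the 6.11 upgrade or the KB94152 patch.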
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
VMware holds a significant share of the virtualisation market. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, VMware products have become a prime target. Because virtual machines have become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities in the associated products in an attempt to extract the sensitive information they contain.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
MITRE Methodologies
Common Weakness Enumeration (CWE):
CWE-327 – Use of a Broken or Risky Cryptographic Algorithm
Further Information