Proof-of-concept exploit code has been published for VMware's recently patched critical Aria Operations for Networks vulnerability, tracked as CVE-2023-34039, reports The Hacker News.
The flaw, which VMware noted could have been exploited to bypass SSH authentication and compromise the Aria Operations for Networks CLI, stems from a bash script containing the "refresh_ssh_keys()" method, according to Summoning Team researcher Sina Kheirkhah, who released the PoC exploit code.
"There is SSH authentication in place; however, VMware forgot to regenerate the keys. VMware's Aria Operations for Networks had hard-coded its keys from version 6.0 to 6.10," said Kheirkhah.
Patches for the vulnerability come amid fixes issued by VMware for a high-severity SAML token bypass bug, tracked as CVE-2023-20900, impacting various VMware Tools versions for Windows and Linux.
"A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations," said VMware.