Vulnerability Management, Threat Intelligence

Critical VMware Aria flaw exploit released

VMware's recently patched critical Aria Operations for Networks vulnerability, tracked as CVE-2023-34039, had its proof-of-concept exploit code published, reports The Hacker News. Such a flaw, which VMware noted could have been exploited to evade SSH authentication and facilitate Aria Operations for Networks CLI compromise, stems from a bash script with the "refresh_ssh_keys()" method, according to Summoning Team researcher Sina Kheirkhah, who released the PoC exploit code. "There is SSH authentication in place; however, VMware forgot to regenerate the keys. VMware's Aria Operations for Networks had hard-coded its keys from version 6.0 to 6.10," said Kheirkhah. Patches for the vulnerability come amid fixes issued by VMware for a high-severity SAML token bypass bug, tracked as CVE-2023-20900, impacting various VMware Tools versions for Windows and Linux. "A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations," said VMware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.