Connect with us

Hi, what are you looking for?



Exploit Code Published for Critical-Severity VMware Security Defect

Exploit code and root-cause analysis released by SinSinology document the problem as a case where VMware “forgot to regenerate” SSH keys.


Just days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMWare is warning that exploit code has been published online.

In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.

The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, documents the problem as a case where VMWare “forgot to regenerate” SSH keys.

He pointed to VMWare’s CVE-2023-34039 advisory (CVSS severity score of 9.8 out of 10) that describes the bug as a network authentication bypass and warns that the issue is being mischaracterized.

“Interestingly, VMware has named this issue “Networks Authentication Bypass”, but in my opinion, nothing is getting bypassed. There is SSH authentication in place; however, VMware forgot to regenerate the keys,” Kheirkha said.

“After reading both descriptions, I realized that this must be a hardcoded SSH key issue,” he said, noting that VMware’s Aria Operations for Networks had hardcoded its keys from version 6.0 to 6.10.

“The main challenge in exploiting this vulnerability is that each version of VMware’s Aria Operations for Networks has a unique SSH key. To create a fully functional exploit, I had to collect all the keys from different versions of this product,” he said. 

Advertisement. Scroll to continue reading.

The release of exploit code for this flaw amplifies the urgency for network admins to apply the available patches from VMWare.

The VMware Aria Operations for Networks product, formerly vRealize Network Insight, is used by businesses to monitor, discover and analyze networks and applications to build secure network infrastructure across clouds.

VMware has struggled with security problems in the Aria Operations for Networks product, recently patching a gaping command injection flaw that was remotely exploited in the wild.  The Aria Operations for Network product has also been tagged in the U.S. government’s CISA Known Exploited Vulnerabilities catalog.

Related: VMware Confirms Exploits Hitting Just-Patched Security Bug

Related: CISA Tells Agencies to Patch Roundcube, VMware Flaws

Related: VMware Plugs Critical Holes in Network Monitoring Tool

Related: Exploit Published for Major Flaw in VMware Logging Software

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...