Just days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMWare is warning that exploit code has been published online.
In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.
The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, documents the problem as a case where VMWare “forgot to regenerate” SSH keys.
He pointed to VMWare’s CVE-2023-34039 advisory (CVSS severity score of 9.8 out of 10) that describes the bug as a network authentication bypass and warns that the issue is being mischaracterized.
“Interestingly, VMware has named this issue “Networks Authentication Bypass”, but in my opinion, nothing is getting bypassed. There is SSH authentication in place; however, VMware forgot to regenerate the keys,” Kheirkha said.
“After reading both descriptions, I realized that this must be a hardcoded SSH key issue,” he said, noting that VMware’s Aria Operations for Networks had hardcoded its keys from version 6.0 to 6.10.
“The main challenge in exploiting this vulnerability is that each version of VMware’s Aria Operations for Networks has a unique SSH key. To create a fully functional exploit, I had to collect all the keys from different versions of this product,” he said.
The release of exploit code for this flaw amplifies the urgency for network admins to apply the available patches from VMWare.
The VMware Aria Operations for Networks product, formerly vRealize Network Insight, is used by businesses to monitor, discover and analyze networks and applications to build secure network infrastructure across clouds.
VMware has struggled with security problems in the Aria Operations for Networks product, recently patching a gaping command injection flaw that was remotely exploited in the wild. The Aria Operations for Network product has also been tagged in the U.S. government’s CISA Known Exploited Vulnerabilities catalog.
Related: VMware Confirms Exploits Hitting Just-Patched Security Bug
Related: CISA Tells Agencies to Patch Roundcube, VMware Flaws
Related: VMware Plugs Critical Holes in Network Monitoring Tool
Related: Exploit Published for Major Flaw in VMware Logging Software
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
- CrowdStrike to Acquire Application Intelligence Startup Bionic
- HiddenLayer Raises Hefty $50M Round for AI Security Tech
- Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages
- Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty
- Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database
- AuthMind Scores $8.5M Seed Funding for ITDR Tech
- Zero-Day Summer: Microsoft Warns of Fresh New Software Exploits
Latest News
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
