CVE-2023-34039
First published: Tue Aug 29 2023(Updated: )
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Aria Operations for Networks | >=6.2.0<6.11.0 | |
| >=6.2.0<6.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-34039?
CVE-2023-34039 is an Authentication Bypass vulnerability in Aria Operations for Networks due to a lack of unique cryptographic key generation.
How does CVE-2023-34039 affect VMware Aria Operations for Networks?
CVE-2023-34039 affects VMware Aria Operations for Networks version 6.2.0 to 6.11.0.
What is the severity of CVE-2023-34039?
CVE-2023-34039 has a severity rating of critical with a CVSS score of 9.8.
How can an attacker exploit CVE-2023-34039?
An attacker with network access can exploit CVE-2023-34039 to bypass SSH authentication and gain access to the Aria Operations for Networks command-line interface (CLI).
Are there any known fixes for CVE-2023-34039?
Yes, VMware has released a security advisory (VMSA-2023-0018) containing the necessary patches to address the Authentication Bypass vulnerability in Aria Operations for Networks.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/vmware
- canonical/vmware aria operations for networks
- version/vmware aria operations for networks/6.2.0