Multiple Flaws in VMware Aria Operations Let Attackers Bypass Authentication
- Source: Vulnerability (cybersecuritynews.com)
Author: Eswar
According to reports, two critical vulnerabilities have been reported in VMware Aria Operations for Networks that could allow threat actors to bypass authentication and gain arbitrary write access.
Enterprises use VMware Aria Operations for Networks to build a highly available, optimized, and secure infrastructure that performs across multiple cloud environments. VMware has acted quickly and addressed these vulnerabilities.
Authentication Bypass Vulnerability (CVE-2023-34039)
This vulnerability exists due to a lack of unique cryptographic key generation. It leads to an SSH authentication bypass that gives access to the Command Line Interface of Aria Operations for Networks. The CVSS score for this vulnerability is 9.8 (Critical).
Once threat actors gain access to the Command Line Interface of VMware Aria Operations for Networks, they can perform malicious actions on the application. However, there is no evidence of a publicly available exploit for this vulnerability.
Arbitrary File Write Vulnerability (CVE-2023-20890)
This vulnerability can be exploited by a threat actor who has administrative privileges on VMware Aria Operations for Networks. The threat actor can write files to arbitrary locations, which could result in remote code execution. The CVSS score for this vulnerability is 7.2 (High).
The component affected by this vulnerability has been reported as a file handler. As per the MITRE report, this has been categorized as CWE-287: Improper Authentication. There is no evidence of current exploitation of this vulnerability, nor of a publicly available exploit.
VMware Aria Operations for Networks versions prior to 6.11 are not affected by these vulnerabilities. Users of these products are advised to follow Knowledge Base article KB94152, released by VMware as part of fixing these vulnerabilities.