Skip to main content

CVE-2023-34039

Description

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

VMware
Severity: CRITICAL
CVE ID: CVE-2023-34039
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

sinsinology

VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)

Refrence: GitHub

CharonDefalt

VMware exploit

Refrence: GitHub

Cyb3rEnthusiast

Here it is, the VMware newest exploit

Refrence: GitHub

syedhafiz1234

CVE-2023-34039

Refrence: GitHub

adminxb

exp

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8