VMware Aria CISA warns customers to immediately patch products

As a result of the identification of “multiple” significant vulnerabilities in the network management tool, CISA has advised VMware users to deploy updates for Aria Operations for Networks immediately. The first vulnerability is an SSH authentication bypass weakness that was found by security researchers from ProjectDiscovery Research and reported to the company last week. It is tagged as CVE-2023-34039.

The vulnerability, according to VMware, was caused by a “lack of unique cryptographic key generation” and would allow threat actors to access the command line for the Aria tool without going through SSH authentication. According to VMware’s advisory, a hostile actor with network access to Aria Operations for Networks might get through SSH authentication and access the CLI.

VMware Aria CISA warns customers to immediately patch products

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

VMware Aria CISA warns customers to immediately patch products

04-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address