Virtualization expertise large VMware on Tuesday shipped a significant security replace to appropriate at the very least two vital vulnerabilities in its Aria Operations for Networks product line.
In a critical-severity advisory, VMware mentioned the issues might be exploited by malicious hackers to bypass SSH authentication and achieve entry to the Aria Operations for Networks command line interface.
VMware tagged the community authentication bypass problem as CVE-2023-34039 and utilized a CVSS severity rating of 9.8 out of 10.
“Aria Operations for Networks incorporates an authentication bypass vulnerability because of a scarcity of distinctive cryptographic key technology. VMware has evaluated the severity of this problem to be within the vital severity vary with a most CVSSv3 base rating of 9.8,” the corporate mentioned.
The VMware Aria Operations for Networks product, previously vRealize Community Perception, is utilized by enterprises to watch, uncover and analyze networks and functions to construct safe community infrastructure throughout clouds.
The corporate mentioned the Aria Operations for Networks collectors are impacted by the vulnerability however suggested clients that upgrading the platform equipment will remediate the problem.
VMware additionally shipped a patch for a second bug — CVE-2023-20890 — that permits an authenticated malicious actor with administrative entry to VMware Aria Operations for Networks to write down recordsdata to arbitrary places.
VMware has struggled with security issues within the Aria Operations for Networks product, just lately patching a gaping command injection flaw that was remotely exploited within the wild.
The Aria Operations for Community product has been tagged within the U.S. authorities’s CISA Identified Exploited Vulnerabilities catalog.
