-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.4955
  VMware Aria Operations for Networks updates address multiple vulnerabilities.
                      (CVE-2023-34039, CVE-2023-20890)
                               30 August 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Aria Operations for Networks
Publisher:         VMware
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-34039 CVE-2023-20890

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2023-0018.html

Comment: CVSS (Max):  9.8 CVE-2023-34039 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: VMware
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

1. Impacted Products

   o Aria Operations for Networks

2. Introduction

   Multiple vulnerabilities in Aria Operations for Networks were responsibly
   reported to VMware. Updates are available to remediate these vulnerabilities
   in affected VMware products.

3a. Aria Operations for Networks Authentication Bypass Vulnerability (CVE-2023-34039)

   Description

   Aria Operations for Networks contains an Authentication Bypass vulnerability
   due to a lack of unique cryptographic key generation. VMware has evaluated
   the severity of this issue to be in the critical severity range with a
   maximum CVSSv3 base score of 9.8.

   Known Attack Vectors

   A malicious actor with network access to Aria Operations for Networks could
   bypass SSH authentication to gain access to the Aria Operations for Networks
   CLI.

   Resolution

   To remediate CVE-2023-34039 apply the updates listed in the 'Fixed Version'
   column of the 'Response Matrix' below.

   Workarounds

   None.

   Additional Documentation

   None.

   Notes

   Aria Operations for Networks collectors are impacted by CVE-2023-34039;
   however, upgrading the platform appliance remediates this issue.

   Acknowledgements

   VMware would like to thank Harsh Jaiswal and Rahul Maini at ProjectDiscovery
   Research for reporting this issue to us.

3b. Aria Operations for Networks Arbitrary File Write Vulnerability (CVE-2023-20890)

   Description

   Aria Operations for Networks contains an arbitrary file write vulnerability.
   VMware has evaluated the severity of this issue to be in the important
   severity range with a maximum CVSSv3 base score of 7.2.

   Known Attack Vectors

   An authenticated malicious actor with administrative access to VMware Aria
   Operations for Networks can write files to arbitrary locations resulting in
   remote code execution.

   Resolution

   To remediate CVE-2023-20890 apply the updates listed in the 'Fixed Version'
   column of the 'Response Matrix' below.

   Workarounds

   None.

   Additional Documentation

   None.

   Notes

   None.

   Acknowledgements

   VMware would like to thank Sina Kheirkhah (@SinSinology) of Summoning Team
   (@SummoningTeam) for reporting this issue to us.

   Response Matrix

   Product                 Version  Running  CVE Identifier   CVSSv3  Severity  Fixed       Workarounds  Additional
                                    On                                          Version                  Documentation
   VMware Aria Operations  6.11     Any      CVE-2023-34039,  N/A     N/A       Unaffected  N/A          N/A
   for Networks                              CVE-2023-20890
   VMware Aria Operations  6.x      Any      CVE-2023-34039,  9.8,    critical  KB94152     None         N/A
   for Networks                              CVE-2023-20890   7.2
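An added fleet audit (example code, not from the VMware advisory or the AusCERT bulletin): because CVE-2023-34039 stems from cryptographic keys that were not generated uniquely per appliance, the check below fingerprints the SSH public keys exported from each appliance and reports any key present on more than one host. The inventory and host names are constructed sample data, and the key material is a placeholder, not real keys.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of one public-key line (type, base64 blob, comment)."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError(f"not an OpenSSH public key line: {pubkey_line!r}")
    digest = hashlib.sha256(base64.b64decode(fields[1])).digest()
    # OpenSSH prints the digest as unpadded base64, e.g. SHA256:abc...
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(keys_by_host: dict[str, list[str]]) -> dict[str, list[str]]:
    """Map each fingerprint present on more than one host to the sorted hosts carrying it."""
    hosts_by_fp = defaultdict(set)
    for host, lines in keys_by_host.items():
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#"):  # skip blanks and comments
                continue
            hosts_by_fp[fingerprint(line)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


def sample_key_line(seed: bytes, comment: str) -> str:
    """Constructed ssh-ed25519 line in OpenSSH wire format: string(type) || string(32 bytes).
    The 32 bytes are a hash of the seed, not a real public key; this is test data only."""
    def ssh_string(b: bytes) -> bytes:
        return len(b).to_bytes(4, "big") + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed inventory: authorized_keys lines collected from three hypothetical appliances.
# collector-01 and collector-02 carry the same "factory-image" key, the pattern an audit
# for the root cause of CVE-2023-34039 (keys not generated per appliance) should surface.
SAMPLE_INVENTORY = {
    "collector-01": [sample_key_line(b"factory-image", "support@appliance"),
                     sample_key_line(b"host-01", "ops@collector-01")],
    "collector-02": [sample_key_line(b"factory-image", "support@appliance"), "# local ops key"],
    "platform-01": [sample_key_line(b"host-03", "ops@platform-01")],
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE_INVENTORY).items():
        print(f"shared key {fp} on {', '.join(hosts)}")
```

The same function works on real exports once each appliance's authorized_keys (or host key files) are gathered into the per-host dictionary; a key that recurs across the fleet is a finding to investigate regardless of the advisory's fixed version.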
4. References

   Fixed Version(s) and Release Notes:
   VMware Aria Operations for Networks 6.11 Release Notes
   Downloads and Documentation
   https://customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_networks/6_x
   https://docs.vmware.com/en/VMware-Aria-Operations-for-Networks/services/rn/vmware-aria-operations-for-networks-release-notes/index.html

   VMware Aria Operations for Networks 6.x HF: KB94152

   Mitre CVE Dictionary Links:
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34039
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20890

   FIRST CVSSv3 Calculator:
   CVE-2023-34039: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2023-20890: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

5. Change Log

   2023-08-29 VMSA-2023-0018 Initial security advisory.

6. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information
or advice contained in this security bulletin is the responsibility of
each user or organisation, and should be considered in accordance with
your organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================