===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.4955
       VMware Aria Operations for Networks updates address multiple
             vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
                              30 August 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Aria Operations for Networks
Publisher:         VMware
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-34039 CVE-2023-20890 

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2023-0018.html

Comment: CVSS (Max):  9.8 CVE-2023-34039 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: VMware
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

1. Impacted Products

  o Aria Operations for Networks 

2. Introduction

Multiple vulnerabilities in Aria Operations for Networks
were responsibly reported to VMware. Updates are available to remediate these
vulnerabilities in affected VMware products.

3a. Aria Operations for Networks Authentication Bypass Vulnerability
(CVE-2023-34039)

Description

Aria Operations for Networks contains an Authentication Bypass vulnerability
due to a lack of unique cryptographic key generation. VMware has evaluated the
severity of this issue to be in the critical severity range with a maximum
CVSSv3 base score of 9.8.

Known Attack Vectors

A malicious actor with network access to Aria Operations for Networks could
bypass SSH authentication to gain access to the Aria Operations for Networks
CLI.

Resolution

To remediate CVE-2023-34039 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

Aria Operations for Networks collectors are also impacted by CVE-2023-34039;
however, upgrading the platform appliance remediates this issue.

Acknowledgements

VMware would like to thank Harsh Jaiswal and Rahul Maini at ProjectDiscovery
Research for reporting this issue to us.

3b. Aria Operations for Networks Arbitrary File Write Vulnerability
(CVE-2023-20890)

Description

Aria Operations for Networks contains an arbitrary file write vulnerability.
VMware has evaluated the severity of this issue to be in the important severity
range with a maximum CVSSv3 base score of 7.2.

Known Attack Vectors

An authenticated malicious actor with administrative access to VMware Aria
Operations for Networks can write files to arbitrary locations resulting in
remote code execution.

Resolution

To remediate CVE-2023-20890 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Sina Kheirkhah (@SinSinology) of Summoning Team
(@SummoningTeam) for reporting this issue to us.

Response Matrix

Product                              Version  Running  CVE Identifier   CVSSv3  Severity  Fixed       Workarounds  Additional
                                              On                                          Version                  Documentation
VMware Aria Operations for Networks  6.11     Any      CVE-2023-34039,  N/A     N/A       Unaffected  N/A          N/A
                                                       CVE-2023-20890
VMware Aria Operations for Networks  6.x      Any      CVE-2023-34039,  9.8,    critical  KB94152     None         N/A
                                                       CVE-2023-20890   7.2

4. References

Fixed Version(s) and Release Notes:

VMware Aria Operations for Networks 6.11 Release Notes

Downloads and Documentation

https://customerconnect.vmware.com/en/downloads/info/slug/
infrastructure_operations_management/vmware_aria_operations_for_networks/6_x

https://docs.vmware.com/en/VMware-Aria-Operations-for-Networks/services/rn/
vmware-aria-operations-for-networks-release-notes/index.html

VMware Aria Operations for Networks 6.x HF: KB94152

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34039

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20890

FIRST CVSSv3 Calculator:

CVE-2023-34039: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/
PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2023-20890: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/
PR:H/UI:N/S:U/C:H/I:H/A:H  

5. Change Log

2023-08-29 VMSA-2023-0018

Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================