Published On: Aug 31, 2023 14:15
Advisory No:
Source:
Software Affected:
Advisory No: TZCERT/SA/2023/08/31
Date of First Release: 31st August 2023
Source: VMWARE
Software Affected: VMware Aria Operations for Networks
Overview:
VMware has released patches to address critical security vulnerabilities affecting Aria Operations for Networks. These vulnerabilities could allow an attacker to take control of the affected system.
Description:
The authentication bypass and arbitrary file write vulnerabilities tracked by CVE-2023-34039 and CVE-2023-20890 resulted from the lack of unique cryptgraphic key generation and unlimited access allowing privileged users to insidiously write files to any chosen location respectively.
Impact:
Successful exploitation of this vulnerability may allow the attacker to control of the affected system.
Solution:
VMware has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.
References:
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.