Multiple vulnerabilities affecting VMware Aria Operations for Networks (CVE-2023-34039, CVE-2023-20890)

Imechapishwa: Aug 31, 2023 14:15

Advisory No:

Source:

Software Affected:

Overview

Description

Advisory No: TZCERT/SA/2023/08/31

Date of First Release: 31st August 2023

Source: VMWARE

Software Affected:  VMware Aria Operations for Networks

Overview:

VMware has released patches to address critical security vulnerabilities affecting Aria Operations for Networks. These vulnerabilities could allow an attacker to take control of the affected system.

Description:

The authentication bypass and arbitrary file write vulnerabilities tracked by CVE-2023-34039 and CVE-2023-20890 resulted from the lack of unique cryptgraphic key generation and unlimited access allowing privileged users to insidiously write files to any chosen location respectively.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

VMware has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.vmware.com/security/advisories/VMSA-2023-0018.html
  2. https://vulcan.io/blog/how-to-fix-cve-2023-34039-cve-2023-20890-in-aria-operations/

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Ripoti Tukio