Monday, September 9, 2024
Homecyber securityPoC Exploit Released for VMware Aria Authentication Bypass Vulnerability

PoC Exploit Released for VMware Aria Authentication Bypass Vulnerability

Published on

VMware Aria Operations for Network was discovered with an Authentication Bypass vulnerability previously, which had a critical severity. VMware has released patches for fixing this vulnerability. However, a Proof-of-concept and the patch file provided by VMware have been briefed.

CVE-2023-34039 was the CVE ID assigned to this vulnerability. According to VMware, the vulnerability exists due to the lack of unique cryptographic key generation that leads to an authentication bypass. After analyzing, it was discovered that this was not an authentication bypass vulnerability. Instead, this is a hardcoded SSH key issue. 

Proof Of Concept –CVE-2023-34039

As per reports shared to Cyber Security News, researchers analyzed the patch files released by VMware as part of the patch. There were multiple patch files, and one of them was a bash script.

- Advertisement - EHA

The bash script consisted of a function called “refresh_ssh_keys” which is used for overwriting the current SSH keys used by support and Ubuntu users in the VMware instance. The SSH keys were identical for both users, who were a part of the sudoers group with no limitations.

VMware Aria Operations for Network’s implementation contains two machines, Platform and Collector, which can be exploited due to this vulnerability.

In addition to this, VMware Aria Operations did not implement this refresh_ssh_keys function from version 6.0 to 6.10, giving threat actors a wide vector of attack space. All these versions have unique SSH keys collected by the researchers, and an exploit PoC has been released.

Exploit.py released (Source: Summoning Team)

As per the security advisory released by VMware, Users of VMware Aria Operations for Networks are recommended to upgrade to the latest version, 6.11, which has been confirmed to be unaffected by this vulnerability.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...