VMware Aria Operations for Networks recently exposed a high-risk authentication vulnerability that allows remote attackers to bypass SSH authentication and access dedicated terminals.
Note: VMware Aria is a suite for managing and monitoring virtualized environments and hybrid clouds, supporting IT automation, log management, analysis generation, network visibility, security and capacity planning, and comprehensive operational management.
Discovered by experts at ProjectDiscovery Research, the vulnerability is tracked as CVE-2023-34039, has a Danger Score of 9.8 out of 10 on CVSS v3, and is rated “Critical.”
VMware released a security advisory yesterday stating that the vulnerability exists in all Aria 6.x branch releases. The official stated that the current solution is to upgrade to version 6.11 or install the KB94152 patch on the previous version.