Aria Operations For Networks
CVE-2023-34039
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
AnalysisAI
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-327. Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. Affected products include: Vmware Aria Operations For Networks.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Aria Operations For Networks
View allAria Operations for Networks contains a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulner
Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this v
Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this v
Aria Operations for Networks contains an arbitrary file write vulnerability. Rated high severity (CVSS 7.2), this vulner
Aria Operations for Networks contains a local file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerabil
Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulne
Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulne
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today