Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Published 2023-08-29 18:15:09
Updated 2024-01-09 02:32:50
Source VMware
View at NVD,   CVE.org

Products affected by CVE-2023-34039

Exploit prediction scoring system (EPSS) score for CVE-2023-34039

94.51%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-34039

  • VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
    Disclosure Date: 2023-08-29
    First seen: 2023-10-25
    exploit/linux/ssh/vmware_vrni_known_privkey
    VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "su

CVSS scores for CVE-2023-34039

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
VMware

CWE ids for CVE-2023-34039

References for CVE-2023-34039

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!