image credit: Adobe Stock

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)

August 30, 2023

VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool.

About the vulnerabilities (CVE-2023-34039, CVE-2023-20890)

CVE-2023-34039 is a network bypass vulnerability arising as a result of a lack of unique cryptographic key generation. It could allow an attacker with network access to Aria Operations for Networks to bypass SSH authentication to gain access to the Aria Operations for Networks command-line interface (CLI).

Read More on Help Net Security