Описание
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-34039
- https://www.vmware.com/security/advisories/VMSA-2023-0018.html
- http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html
Связанные уязвимости
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Уязвимость инструмента мониторинга сетей и приложений VMware Aria Operations for Networks (ранее vRealize Network Insight) связана с ошибками в коде генератора псевдослучайных чисел, позволяющая нарушителю повысить свои привилегии