Описание
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Уязвимость инструмента мониторинга сетей и приложений VMware Aria Operations for Networks (ранее vRealize Network Insight) связана с ошибками в коде генератора псевдослучайных чисел, позволяющая нарушителю повысить свои привилегии
EPSS
9.8 Critical
CVSS3