Two new vulnerabilities, one of which is critical, have been discovered in VMware’s Aria Operations for Networks software. The virtualisation vendor has released patches to counter the bugs, which could allow attackers to launch attacks remotely from inside infected systems.
The patches will secure any systems that include the vulnerability, VMware said. Aria Operations for Networks is a network monitoring tool produced by the company that helps users build secure network infrastructure across different clouds.
Vulnerabilities in VMware Aria Operations for Networks
The more severe flaw mentioned within the advisory, tracked as CVE-2023-34039, comes with a critical 9.8 CVSS score. It is an “authentication bypass vulnerability”, caused by “a lack of unique cryptographic key generation”. The flaw could be exploited by hackers to bypass SSH authentication cryptographic keys and gain access to the Aria Operations for Networks command line interface.
The second exploit, CVE-2023-20890, allows an authenticated, unauthorised intruder with administrative access to write files to arbitrary locations. It has a high CVSS score of 7.2.
Because Aria Operations for Networks straddles different clouds, the flaws could enable hackers to access infrastructure from multiple providers if left unpatched.
Researchers Harsh Jaiswal and Rahul Maini, from enterprise security platform ProjectDiscovery, have been credited with uncovering and reporting the issue.
VMware vulnerabilities can be damaging
VMware’s software is a common target for cybercriminals, and the same product, Aria Operations for Networks, was included in a warning released by US cybersecurity agency CISA in June after several critical vulnerabilities in the software were flagged
The CISA release urged users and administrators to apply the necessary updates, explaining that the vulnerabilities were “evaluated to fall within the critical severity range, as a malicious actor with network access may be able to perform a command injection attack resulting in remote code execution,” similar to the current vulnerabilities.
Earlier this year VMware’s ESXi software was continuously attacked with ransomware attacks that found their mark in droves of organisations, including Florida’s Supreme Court and Italy’s cybersecurity agency. The attacks were so successful they gained the nickname ESXiArgs. The final tally of victims of the ransomware wave was more than 3,800 according to the digital extortion tracking platform RansomWhere.
Paul Lewis, CISO at security company Nominet, told Tech Monitor at the time that virtual systems can act as an entry point to online networks. “Virtual machines are generally used for elastic, high-capacity systems and services,” Lewis said. “There are opportunities to potentially use this kind of technology to proliferate quicker because it’s all software, rather than boxes in data centres.”