VMware has patched a critical vulnerability in VMware Aria Operations for Networks, previously known as vRealize Network Insight. The flaw, tracked as CVE-2023-34039, carries a CVSS score of 9.8 out of 10 and is fixed in version 6.11. It is an authentication bypass rooted in the appliance's failure to generate a unique cryptographic key for each installation.
In practical terms, an attacker with network access to an Aria Operations for Networks appliance can bypass SSH authentication entirely. That grants them access to the appliance's Command Line Interface (CLI) without any credentials.
The Origin of the VMware Aria Vulnerability
Sina Kheirkhah of the Summoning Team analysed the fix after VMware released its patch. His investigation pointed to a bash script containing a function named refresh_ssh_keys(), which replaces the existing SSH keys for two accounts, 'support' and 'ubuntu', in their authorized_keys files.
That function exists because the keys were never regenerated per installation: from version 6.0 through 6.10, every appliance shipped with the same hardcoded SSH key pair. Because the same key pair is baked into every installation, anyone who obtains the private key from one appliance can authenticate as those accounts on every other unpatched appliance.
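As an added example (not code from the original article, and not VMware's patch script), the following Python audit flags SSH public keys that are trusted in authorized_keys on more than one appliance, which is exactly the condition a hardcoded key creates. It computes OpenSSH-style SHA256 fingerprints the way ssh-keygen -lf does and tolerates option prefixes such as command="...". The host names, account names and key blobs are constructed placeholders, not real Aria keys.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(key blob)."""
    raw = base64.b64decode(blob_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str):
    """Return (key_type, blob_b64, comment) for each key line.

    Blank lines and comments are skipped. Option prefixes such as
    command="..." may precede the key type, so the key-type token is
    located by scanning the fields rather than assuming it is first.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        for i, tok in enumerate(fields):
            if tok in KEY_TYPES and i + 1 < len(fields):
                comment = " ".join(fields[i + 2:])
                entries.append((tok, fields[i + 1], comment))
                break
    return entries


def find_shared_keys(hosts):
    """hosts: {host: {user: authorized_keys_text}}.

    Returns {fingerprint: sorted [(host, user), ...]} for every key that is
    trusted on more than one host. A key that appears for several users on a
    single host is not reported; the signal is cross-host reuse.
    """
    seen = {}
    for host, users in hosts.items():
        for user, text in users.items():
            for _, blob, _ in parse_authorized_keys(text):
                seen.setdefault(fingerprint(blob), set()).add((host, user))
    return {fp: sorted(where) for fp, where in seen.items()
            if len({h for h, _ in where}) > 1}


def _fake_ed25519_blob(seed: int) -> str:
    """Build a syntactically valid ssh-ed25519 wire blob around a constructed
    32-byte value. This is NOT a real key; it only exercises the parser."""
    key_type = b"ssh-ed25519"
    pub = bytes([seed]) * 32
    raw = (struct.pack(">I", len(key_type)) + key_type
           + struct.pack(">I", len(pub)) + pub)
    return base64.b64encode(raw).decode()


# Constructed sample: the "shared" blob stands in for a key baked into every
# appliance image; the "unique" blobs stand in for per-install keys.
SHARED = _fake_ed25519_blob(0x11)
UNIQUE_A = _fake_ed25519_blob(0x22)
UNIQUE_B = _fake_ed25519_blob(0x33)

SAMPLE_HOSTS = {
    "aria-01": {
        "support": f'command="/usr/bin/support-cli" ssh-ed25519 {SHARED} support@appliance\n',
        "ubuntu": f"ssh-ed25519 {SHARED} ubuntu@appliance\n",
    },
    "aria-02": {
        "support": f"# managed by build\nssh-ed25519 {SHARED} support@appliance\n",
        "ubuntu": f"ssh-ed25519 {UNIQUE_A} ubuntu@aria-02\n",
    },
    "aria-03": {
        "support": f"ssh-ed25519 {UNIQUE_B} support@aria-03\n",
        "ubuntu": "",
    },
}

if __name__ == "__main__":
    for fp, where in find_shared_keys(SAMPLE_HOSTS).items():
        print(fp, "is trusted on", ", ".join(f"{h}:{u}" for h, u in where))
```

In a real fleet, feed find_shared_keys() the authorized_keys contents collected from each appliance (for example over the same SSH access the vendor's own tooling uses); any fingerprint reported for more than one host is a shared key and should be rotated, which is what VMware's refresh_ssh_keys() does for the two affected accounts.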
Other Notable Vulnerabilities
Alongside that flaw, VMware fixed a second vulnerability in the same product, CVE-2023-20890. It is an arbitrary file write: a user with administrative rights can write files to any location on the appliance and use that to execute code remotely.
The two chain together. An attacker could use the public proof-of-concept (PoC) for CVE-2023-34039 to get onto the appliance, gain administrative privileges, and then exploit CVE-2023-20890 to run code of their choice. That is why applying the available update promptly matters.
VMware has also released fixes for a high-severity flaw in VMware Tools, CVE-2023-20900, a SAML token signature bypass affecting multiple VMware Tools versions on both Windows and Linux. An attacker who already holds Guest Operation privileges on a target virtual machine and sits in a man-in-the-middle position on the network could bypass SAML token signature verification and perform VMware Tools guest operations they should not be able to.
VMware credited Peter Stöckli of the GitHub Security Lab with reporting the flaw. The affected and fixed versions are:
- VMware Tools for Windows (12.x.x, 11.x.x, 10.3.x) – Patch available in 12.3.0.
- VMware Tools for Linux (10.3.x) – Rectified in version 10.3.26.
- Open-source VMware Tools for Linux, open-vm-tools (12.x.x, 11.x.x, 10.3.x) – Fixed in 12.3.0; Linux distributions will ship the fix separately.
Rise in Exploitation of Other Software
VMware is not the only vendor whose flaws are under active attack. Fortinet FortiGuard Labs has reported increased exploitation of Adobe ColdFusion vulnerabilities, with attackers using them to deploy cryptocurrency miners and hybrid bots such as Satan DDoS (Lucifer) and RudeMiner (SpreadMiner). These bots combine cryptojacking with distributed denial-of-service (DDoS) attacks.
Fortinet also observed the 'BillGates' (also known as Setag) backdoor, which takes control of compromised systems, steals data, and launches DDoS attacks.
Conclusion
The recent vulnerabilities in VMware Aria Operations for Networks and VMware Tools, and the active exploitation of ColdFusion, underline the need for continuous vigilance. Organisations should apply the vendor patches promptly; for Aria Operations for Networks, upgrading also regenerates the SSH keys that the hardcoded-key flaw exposed. Timely updates and monitoring for known threats remain the most effective defence.