Advisory No: TZCERT/SA/2023/08/31
Date of First Release: 31st August 2023
Software Affected: VMware Aria Operations for Networks
VMware has released patches to address critical security vulnerabilities affecting Aria Operations for Networks. These vulnerabilities could allow an attacker to take control of the affected system.
The authentication bypass and arbitrary file write vulnerabilities tracked by CVE-2023-34039 and CVE-2023-20890 resulted from the lack of unique cryptgraphic key generation and unlimited access allowing privileged users to insidiously write files to any chosen location respectively.
Successful exploitation of this vulnerability may allow the attacker to control of the affected system.
VMware has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.