9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.945 High
EPSS
Percentile
99.2%
Added: 09/06/2023
SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device.
Default SSH keys in VMware Aria Operations for Networks could allow a remote attacker with knowledge of the private key to gain access as the support user.
Apply the fix referenced in VMSA-2023-0018.
<https://www.vmware.com/security/advisories/VMSA-2023-0018.html>
<https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/>
Linux
Unix
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.945 High
EPSS
Percentile
99.2%