Source: SAINT Corporation (SAINT:F30ED77BCB840A5D52D8794AF93D6B3E)
Published: Sep 06, 2023 - 12:00 a.m.

VMware Aria Operations for Networks default SSH key

download.saintcorporation.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.945 High
Percentile: 99.2%

Added: 09/06/2023

Background

SSH private keys are used for authentication on many devices. Devices shipped with a default, static key are vulnerable to compromise if the key becomes publicly known. An attacker can reuse the private key to gain remote, privileged access to the device.

Problem

Default SSH keys in VMware Aria Operations for Networks could allow a remote attacker with knowledge of the private key to gain access as the support user.

Resolution

Apply the fix referenced in VMSA-2023-0018.
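
A defender can audit an authorized_keys file for public keys known to be shared defaults. The sketch below is an added example, not code from SAINT or VMware. It parses authorized_keys text, computes OpenSSH-style SHA256 fingerprints, and reports entries that match a blocklist. The key blobs, comments and blocklist are constructed placeholders; real fingerprints and the file location for the support user are not given on this page and must come from the vendor.

```python
import base64
import hashlib
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def decode_key(fields, i):
    """Return the key blob if fields[i] is a key type followed by a matching blob."""
    if not fields[i].startswith(KEY_PREFIXES) or i + 1 >= len(fields):
        return None
    try:
        blob = base64.b64decode(fields[i + 1], validate=True)
    except ValueError:
        return None
    # The blob starts with a length-prefixed copy of the key type name.
    name = fields[i].encode()
    return blob if blob[:4 + len(name)] == struct.pack(">I", len(name)) + name else None

def audit_authorized_keys(text, known_default_fps):
    """Return (line_no, fingerprint, comment) for entries matching known default keys."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i in range(len(fields)):  # options may precede the key type
            blob = decode_key(fields, i)
            if blob is not None:
                fp = fingerprint(blob)
                if fp in known_default_fps:
                    hits.append((n, fp, " ".join(fields[i + 2:])))
                break
    return hits

def make_constructed_blob(seed: bytes) -> bytes:
    """Constructed sample key blob (ed25519 wire layout, not a real key)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + hashlib.sha256(seed).digest()

SHIPPED = make_constructed_blob(b"vendor-default")   # stands in for a vendor-shipped key
UNIQUE = make_constructed_blob(b"per-host")          # stands in for a per-host key
KNOWN_DEFAULT_FPS = {fingerprint(SHIPPED)}           # placeholder blocklist
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    "ssh-ed25519 " + base64.b64encode(UNIQUE).decode() + " admin@workstation",
    "no-pty ssh-ed25519 " + base64.b64encode(SHIPPED).decode() + " shipped-with-image",
])
```

The fingerprint format matches what `ssh-keygen -lf` prints, so a blocklist can be built from public key files with that command.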

References

<https://www.vmware.com/security/advisories/VMSA-2023-0018.html>
<https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/>

Platforms

Linux
Unix
