VMware Aria Operations for Networks up to 6.10 improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.3 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in VMware Aria Operations for Networks up to 6.10 and classified as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is listed as CVE-2023-34039. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.
Details
A vulnerability was found in VMware Aria Operations for Networks up to 6.10. It has been rated as very critical. This issue affects an unknown part. The manipulation with an unknown input leads to a improper authentication vulnerability. Using CWE to declare the problem leads to CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Impacted is confidentiality, integrity, and availability.
The weakness was presented 08/29/2023 as VMSA-2023-0018. It is possible to read the advisory at vmware.com. The identification of this vulnerability is CVE-2023-34039 since 05/25/2023. Technical details are unknown but a public exploit is available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 07/01/2024).
The exploit is available at packetstormsecurity.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k.
Upgrading to version 6.11 eliminates this vulnerability. The upgrade is hosted for download at kb.vmware.com.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.3
VulDB Base Score: 9.8
VulDB Temp Score: 8.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 9.8
CNA Vector (VMware): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Aria Operations for Networks 6.11
Timeline
05/25/2023 🔍08/29/2023 🔍
08/29/2023 🔍
07/01/2024 🔍
Sources
Vendor: vmware.comAdvisory: VMSA-2023-0018
Status: Confirmed
CVE: CVE-2023-34039 (🔍)
GCVE (CVE): GCVE-0-2023-34039
GCVE (VulDB): GCVE-100-238283
scip Labs: https://www.scip.ch/en/?labs.20060413
Entry
Created: 08/29/2023 20:14Updated: 07/01/2024 03:08
Changes: 08/29/2023 20:14 (40), 09/22/2023 14:21 (1), 09/22/2023 14:24 (11), 07/01/2024 03:08 (22)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.