Security Focus: CVE-2023-34039, a design weakness in Aria Operations for Networks (Issue Date: 2023-08-29)

Preface: VMware Aria Operations for Networks (Formerly vRealize Network Insight).

Background: VMware Aria Operations for Networks (formerly vRealize Network Insight) delivers end-to-end network visibility converged across virtual and physical networks, planning and troubleshooting with assurance and verification that network and application connectivity performs towards business and security intents across Software Defined Data Center, VMware NSX, VMware SD-WAN™ by VeloCloud®, VMware Cloud on AWS, Azure, AWS, and Kubernetes.

Vulnerability details: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
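The weakness described above is a lack of unique cryptographic key generation. As an added example (not from the original post or from VMware), this Python audit fingerprints SSH public-key lines collected from several hosts and reports any key that appears on more than one of them. The host names, the `sample_line` helper and all key bytes are constructed placeholders.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def fingerprint(line):
    """SHA256 fingerprint (ssh-keygen -l style) of a public-key line, else None."""
    fields = line.split()
    for i in range(len(fields) - 1):  # skip any leading authorized_keys options
        ktype = fields[i]
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # A real key blob starts with its own length-prefixed key type.
        if len(blob) > 4 and blob[4:4 + struct.unpack(">I", blob[:4])[0]] == ktype.encode():
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def shared_keys(inventory):
    """Map fingerprint -> sorted hosts, for keys present on more than one host."""
    seen = defaultdict(set)
    for host, lines in inventory.items():
        for line in lines:
            fp = fingerprint(line)
            if fp:
                seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def sample_line(seed, comment):
    """Constructed ssh-ed25519 line; the key bytes are placeholders, not a real key."""
    raw = hashlib.sha256(seed.encode()).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed inventory: one key is identical on two hosts, the others are unique.
SHARED = sample_line("same-on-every-install", "support@example")
INVENTORY = {
    "appliance-a.example": [SHARED, sample_line("a-local", "admin@a")],
    "appliance-b.example": ["no-pty " + SHARED, "# comment line"],
    "appliance-c.example": [sample_line("c-local", "admin@c")],
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(INVENTORY).items():
        print(fp, "is shared by", ", ".join(hosts))
```

A key reported here is trusted or presented by more than one system, so it cannot identify or authenticate any single one of them.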

Official announcement: For details, please refer to the link – https://www.vmware.com/security/advisories/VMSA-2023-0018.html

Resolution: Upgrade to VMware Aria Operations for Networks 6.11.
