VMware Aria Operations for Networks default SSH key

Added: 09/06/2023

Background

SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device.

Problem

Default SSH keys in VMware Aria Operations for Networks could allow a remote attacker with knowledge of the private key to gain access as the support user.

Resolution

Apply the fix referenced in VMSA-2023-0018.

References

https://www.vmware.com/security/advisories/VMSA-2023-0018.html
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/

Platforms

Linux
Unix

Back to exploit index