Alert essentials:
Exploited critical vulnerabilities in VMware Aria Operations for Networks were revealed in June and August of 2023. The recommendation is to upgrade appliances to version 6.11.


Detailed threat description:
The network monitoring tool Aria Operations for Networks has come under attack twice this summer. On June 7th, critical weaknesses were revealed: CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889. When two of these are combined, they allow unauthenticated threat actors to perform remote code execution. By June 20th, exploitation was occurring in the wild.

Two security vulnerabilities were reported on August 29: CVE-2023-34039 and CVE-2023-20890. Both allow the bypass of authentication to gain remote code execution. On August 30th, it was reported that exploit code had been published.

Weaponization is expected to occur rapidly as these vulnerabilities are used to bypass SSH authentication, providing access to the Aria Operations for Networks CLI.

Impacts on healthcare organizations
Technology vital to patient care is maintained by network monitoring tools such as Aria.

Both series of vulnerabilities result in remote code execution after bypassing authentication. The June CVEs are currently being exploited in the wild, and the August flaws are expected to be weaponized quickly. Individually, each of these flaws can potentially cause interruptions to Aria Operations for Networks. Combined, they may be used to compromise the VM system.

A bad actor with the correct skill set could also access the underlying system. Once this has occurred, the attackers are likely to block legitimate access to the system or network, thus preventing the use of life-saving technology.

Affected products / versions

  • 6.x

CVE

  • CVE-2023-20887
  • CVE-2023-20888
  • CVE-2023-20889
  • CVE-2023-20890
  • CVE-2023-34039

KBs

  • KB92684


Recommendations

Engineering recommendations:

  • Be sure VMware Aria Operations for Networks appliances are using version 6.11

Leadership / program recommendations:

  • Verify all VMware products are on a routine update schedule

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.

 
