Aria Operations for Networks Authentication Bypass Vulnerability
Aria Operations for Networks Authentication Bypass Vulnerability | |
CVE ID | CVE-2023-34039 |
Exploited in the wide | No |
Risk Rating\CVSS | 9.8 |
Associated Threat actor \Malware/campaign
| Still unknown |
User Interaction | None |
Affected Products |
Impacts all Aria 6.x branch versions |
Summary | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. |
Analysis | The vulnerability considered as critical because of the possibility of remote code execution which can lead to data exfiltration, network disruption or malware installation. |
Patch/Mitigation |
The vendor urges their customers to upgrade to version 6.11 or apply the KB94152 patch on earlier releases. |