CVE-2023-34039

CRITICAL NUCLEI

VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure

Title source: metasploit

Exploitation Summary

EIP tracks 6 public exploits for CVE-2023-34039. PoCs published by sinsinology, Cyb3rEnthusiast, syedhafiz1234, including Metasploit module exploits/linux/ssh/vmware_vrni_known_privkey. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits CVE-2023-34039 by attempting SSH authentication using static private keys for the 'support' user in VMWare Aria Operations for Networks. Successful authentication grants a root shell due to misconfigured sudo permissions.

Description

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

Exploits (6)

nomisec WORKING POC 96 stars
by sinsinology · poc
https://github.com/sinsinology/CVE-2023-34039

This PoC exploits CVE-2023-34039 by attempting SSH authentication using static private keys for the 'support' user in VMWare Aria Operations for Networks. Successful authentication grants a root shell due to misconfigured sudo permissions.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0 to 6.10
No auth needed
Prerequisites: Network access to the target's SSH port (default 22) · Presence of static SSH keys in the 'keys' directory
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by Cyb3rEnthusiast · poc
https://github.com/Cyb3rEnthusiast/CVE-2023-34039

This exploit leverages a static SSH key vulnerability in VMWare Aria Operations for Networks to achieve remote code execution. It iterates through a directory of SSH keys to attempt authentication as the 'support' user.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0 to 6.10
No auth needed
Prerequisites: Network access to the target SSH port · Presence of the static SSH keys in the 'keys' directory
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by syedhafiz1234 · poc
https://github.com/syedhafiz1234/CVE-2023-34039

This PoC exploits CVE-2023-34039 by attempting SSH authentication with static keys for the 'support' user in VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0 to 6.10. Successful authentication grants a root shell due to improper key regeneration.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: VMWare Aria Operations for Networks (vRealize Network Insight) 6.0-6.10
No auth needed
Prerequisites: Network access to the target's SSH port (default 22) · Presence of static SSH keys for 'support' or 'ubuntu' users
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by adminxb · poc
https://github.com/adminxb/CVE-2023-34039

This PoC exploits CVE-2023-34039, a pre-authentication login bypass vulnerability. It attempts to authenticate via SSH using a set of private keys found in a 'keys' directory, targeting the 'support' user on port 22.

Classification: Working PoC 80%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a specific SSH implementation or configuration)
No auth needed
Prerequisites: Access to a set of private keys in a 'keys' directory · Target system with SSH exposed on port 22 · Presence of a 'support' user on the target system
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by CharonDefalt · poc
https://github.com/CharonDefalt/CVE-2023-34039

This PoC exploits CVE-2023-34039 by attempting SSH authentication with static private keys for the 'support' user in VMWare Aria Operations for Networks. Successful authentication grants a root shell due to improper key regeneration.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0 to 6.10
No auth needed
Prerequisites: Network access to the target SSH port · Presence of static SSH keys in the 'keys' directory
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by h00die, SinSinology, Harsh Jaiswal (@rootxharsh), Rahul Maini (@iamnoooob) · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/vmware_vrni_known_privkey.rb

This Metasploit module exploits CVE-2023-34039 by leveraging known SSH private keys in VMWare Aria Operations for Networks (vRealize Network Insight) to gain unauthorized root access as the 'support' user. It attempts authentication using pre-defined private keys for various versions.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0
No auth needed
Prerequisites: Network access to the target SSH port (22) · Target system must be running a vulnerable version of VMWare Aria Operations for Networks
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

VMWare Aria Operations - Remote Code Execution
CRITICAL · VERIFIED · by tarunKoyalwar

Scores

CVSS v3: 9.8
EPSS: 0.6395
EPSS Percentile: 99.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-327
Status: published
Products (1): vmware/aria_operations_for_networks 6.2.0 - 6.11.0
Published: Aug 29, 2023
Tracked Since: Feb 18, 2026