CVE-2023-34039

CRITICAL NUCLEI

VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure

Title source: metasploit

Description

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

Exploits (6)

nomisec WORKING POC 96 stars
by sinsinology · poc
https://github.com/sinsinology/CVE-2023-34039
nomisec WORKING POC 3 stars
by Cyb3rEnthusiast · poc
https://github.com/Cyb3rEnthusiast/CVE-2023-34039
nomisec WORKING POC 1 stars
by syedhafiz1234 · poc
https://github.com/syedhafiz1234/CVE-2023-34039
nomisec WORKING POC
by adminxb · poc
https://github.com/adminxb/CVE-2023-34039
nomisec WORKING POC
by CharonDefalt · poc
https://github.com/CharonDefalt/CVE-2023-34039
metasploit WORKING POC EXCELLENT
by h00die, SinSinology, Harsh Jaiswal (@rootxharsh), Rahul Maini (@iamnoooob) · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/vmware_vrni_known_privkey.rb

Nuclei Templates (1)

VMWare Aria Operations - Remote Code Execution
CRITICALVERIFIEDby tarunKoyalwar

References (3)

Scores

CVSS v3 9.8
EPSS 0.9317
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-327
Status published
Products (1)
vmware/aria_operations_for_networks 6.2.0 - 6.11.0
Published Aug 29, 2023
Tracked Since Feb 18, 2026