Exploit Code Published for Critical-Severity VMware Security Defect


In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.

The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, document the problem as a case where VMware “forgot to regenerate” SSH keys.

He pointed to VMware’s CVE-2023-34039 advisory (CVSS severity score of 9.8 out of 10), which describes the bug as a network authentication bypass, and warned that the issue is being mischaracterized.
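
A fleet-side check for the root cause described above, SSH keys that were never regenerated per install: it fingerprints every `authorized_keys` entry and reports any key trusted on more than one host. This is an added example, not code from the researcher or VMware; it assumes you have already collected each appliance's `authorized_keys` content, and the hostnames, comments and key material below are constructed for the demo.

```python
import base64, hashlib, struct
from collections import defaultdict

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str):
    """Yield (key_type, fingerprint) per key line; tolerates options and comments."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key, so try each adjacent (type, base64) pair.
        for key_type, b64 in zip(fields, fields[1:]):
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            # A real key blob begins with its own length-prefixed type name.
            name = key_type.encode()
            if blob.startswith(struct.pack(">I", len(name)) + name):
                yield key_type, fingerprint(blob)
                break

def shared_keys(fleet: dict) -> dict:
    """Map fingerprint -> sorted hosts, for keys trusted on more than one host."""
    seen = defaultdict(set)
    for host, text in fleet.items():
        for _, fp in parse_authorized_keys(text):
            seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def sample_key(seed: bytes) -> str:
    """Constructed ed25519-shaped blob for the demo; not a real or shipped key."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + hashlib.sha256(seed).digest())
    return base64.b64encode(blob).decode()

IMAGE_KEY = sample_key(b"baked-into-image")
# Constructed inventory: hostnames and key comments are hypothetical.
FLEET = {
    "appliance-a": f"# support access\nssh-ed25519 {IMAGE_KEY} support@build\n",
    "appliance-b": f'no-pty,command="/bin/true" ssh-ed25519 {IMAGE_KEY} support@build\n'
                   f"ssh-ed25519 {sample_key(b'admin-b')} admin@b\n",
    "appliance-c": f"ssh-ed25519 {sample_key(b'admin-c')} admin@c\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(FLEET).items():
        print(fp, "trusted on", ", ".join(hosts))
```

A key that shows up on independently deployed appliances was most likely baked into the image, so anyone holding the matching private key can log in to all of them.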