Patches Available for a Critical Vulnerability in VMware Aria Automation: CVE-2023-34063
[Update] January 18, 2024: “CISA Issued an Alert for CVE-2023-34063 in VMware Aria Automation”
VMware has addressed a critical vulnerability affecting Aria Automation that, if exploited, could result in unauthorized access to remote workflows.
VMware Aria Automation is an infrastructure automation platform, enabling organizations to control and secure self-service multi-cloud environments through event-driven state management. With a focus on governance and DevOps-based delivery, it guarantees a modern and secure approach to infrastructure management.
What is the New Vulnerability in VMware Aria Automation About?
The vulnerability, tracked as CVE-2023-34063, has a CVSS score of 9.9, representing its critical severity. If successfully exploited, it could result in unauthorized access to remote organizations and workflows.
The impact of this vulnerability is notably high on Integrity and Availability, while its effect on the third element of the CIA triad, Confidentiality, is relatively low.
This vulnerability can be exploited by an authenticated attacker on the network with low privileges. Moreover, the attack complexity is low, and exploitation does not require user interaction, as indicated by its CVSS metrics.
Which Versions of VMware Aria Automation Are Affected? Which Versions Are Fixed?
The VMware Aria Automation versions impacted by CVE-2023-34063 are detailed below, together with the patched release for each version line:
- 8.14.x → 8.14.1 + Patch
- 8.13.x → 8.13.1 + Patch
- 8.12.x → 8.12.2 + Patch
- 8.11.x → 8.11.2 + Patch
- Cloud Foundation (Aria Automation) 5.x, 4.x → KB96136.
VMware Aria Automation versions 8.16 and later are not affected by the CVE-2023-34063 vulnerability.
To easily monitor your digital assets and receive alerts in the event of security threats or emerging vulnerabilities, you can utilize SOCRadar’s Attack Surface Management module.
Are There Any Workarounds Available?
At present, VMware has not provided any workarounds for the affected versions. It is recommended to refer to the official advisory and promptly apply the provided security patches as a preventive measure against the exploitation of the vulnerability.
CISA Issued an Alert for CVE-2023-34063 in VMware Aria Automation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert, urging users and administrators to review VMware security advisories regarding the CVE-2023-34063 vulnerability in Aria Automation. The agency warns that threat actors could exploit this vulnerability to gain control of affected systems and strongly recommends applying necessary security measures to prevent its exploitation.
Are There Any Exploitation Activities Targeting Unpatched VMware Aria Automation Versions?
As of the current information provided by VMware, there is no documentation of exploitation activities targeting unpatched versions of VMware Aria Automation. However, given the critical nature of the vulnerability, organizations are strongly advised to remain vigilant for potential exploitation and its associated impacts.
Cyber threat actors have consistently demonstrated their focus on emerging exploits for vulnerabilities. In a previous SOCRadar blog post, we highlighted how a different vulnerability (CVE-2023-34051) that affected VMware Aria Operations garnered the attention of threat actors once its exploit was available.
You can stay informed about the latest updates on identified vulnerabilities by leveraging SOCRadar’s Vulnerability Intelligence. On the module, you can also monitor exploitation trends in the cyber threat landscape to stay proactive.
If an exploit becomes available for a specific vulnerability, this information can be accessed through the vulnerability’s intelligence card on the SOCRadar XTI platform.
Sign up for a free edition to experience the full capabilities of SOCRadar XTI in vulnerability management.