Multiple vulnerabilities in Aria Operations for Networks were responsibly reported to VMware.
Patches and updates are available to remediate these vulnerabilities in vRNI 6.2.0 / 6.3.0 / 6.4.0 / 6.5.1 / 6.6.0 / 6.7.0 / 6.8.0 / 6.9.0 / 6.10.0
CVE-2023-34039:
Aria Operations for Networks contains an Authentication Bypass Vulnerability
CVE-2023-20898:
Aria Operations for Networks contains an arbitrary file write vulnerability.
These vulnerabilities and their impacts on Aria Operations for Networks are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:
https://www.vmware.com/security/advisories/VMSA-2023-0018.html
Security Vulnerability are fixed in Aria Operations for Networks version 6.11.0.
To mitigate the vulnerability, VMware highly recommends applying the below patches for Aria Operations for Networks versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10.
Patch for Aria Operations for Networks version 6.2.0
Patch Download / Build Number | Download the Patch here Build number: 1688977536 |
File Name | VMware-vRNI.6.2.0.P9.1688977536.patch.bundle |
Size | 257.67 MB |
MD5SUM | 8feaf7990529889b75e2f26a6ff3c376 |
SHA1SUM | ccd62c1b69b2876b0152d6971ee83f5909d7b8b7 |
SHA256SUM | b236d52fdcc94aa96ae0144e99b002f703730c065d996a4cf5021c7777eab802 |
Patch Download / Build Number | Download the Patch here Build number: 1688986302 |
File Name | VMware-vRNI.6.3.0.P6.1688986302.patch.bundle |
Size | 794.35 MB |
MD5SUM | e12ffa4a85c32eb662ee385f8d655a9c |
SHA1SUM | a698b62502324f70a5de2eb6cbedceb17f782383 |
SHA256SUM | fd06ebeb2ea72edb95c036a0c5595f4f7f96388cd7254c15b6aeb428d9b68258 |
Patch Download / Build Number | Download the Patch here Build number: 1689079386 |
File Name | VMware-vRNI.6.4.0.P10.1689079386.patch.bundle |
Size | 871.2 MB |
MD5SUM | a1c1787cf2851a97d4841bee41f2a43a |
SHA1SUM | 2f8c236a6c57d727f8fd678986f4cba49bb41af1 |
SHA256SUM | aa0512f11b3bce23151f907dffbbd960b3ab6d7908ebf436f48b525fca021d62 |
Patch Download / Build Number | Download the Patch here Build number: 1688974096 |
File Name | VMware-vRNI.6.5.1.P8.1688974096.patch.bundle |
Size | 813.15 MB |
MD5SUM | 6faf92058773f1fca8648ac347049491 |
SHA1SUM | 674a6db2b7fccf19dffc3f5d2c359ceae9bbaf46 |
SHA256SUM | 4b3c96cfaa9c15bd3a3e45ed6902f15c80d54bcbb4bf05015be8587467b2b60e |
Patch Download / Build Number | Download the Patch here Build number: 1688979729 |
File Name | VMware-vRNI.6.6.0.P6.1688979729.patch.bundle |
Size | 257.18 MB |
MD5SUM | 044a4e5698778b99dbec4df4e94d7f84 |
SHA1SUM | e3ee9f87b69cf64ad0bdd5aa48fa59c55b93a037 |
SHA256SUM | c12920451ef5b6a752b80c33ece088fe55525315b59f72b9d232632cc157894e |
Patch Download / Build Number | Download the Patch here Build number: 1688972173 |
File Name | VMware-vRNI.6.7.0.P6.1688972173.patch.bundle |
Size | 849.97 MB |
MD5SUM | ffe6ac2d299e8ace98b1a69a42568800 |
SHA1SUM | 7b57e80466aa95814968f7a956d9c60a9be4d2c4 |
SHA256SUM | 85fbf5c55aa1b37b9b18fb11671f12148e8af12c69d8bdf7b3f042b727552446 |
Patch Download / Build Number | Download the Patch here Build number: 1688989059 |
File Name | VMware-vRNI.6.8.0.P3.1688989059.patch.bundle |
Size | 749.4 MB |
MD5SUM | faa69c996a77e342fbdb93a86e07719d |
SHA1SUM | 6bff63080b4d1fbecd82ddeb802c55d861782377 |
SHA256SUM | 89bd71e10322a20b565815f5ce08b5a7ebfe760434338272c2cb97a4ef1dc00e |
Patch Download / Build Number | Download the Patch here Build number: 1688995771 |
File Name | VMware-vRNI.6.9.0.P5.1688995771.patch.bundle |
Size | 778.77 MB |
MD5SUM | f9e2bd4232235360bfc5a7e30e579469 |
SHA1SUM | 0f59ae05f1f4494a019744a3d83e5d87abcd51c9 |
SHA256SUM | ba46a8f51421c933daa91a0e7f6af9ae7dd8494ecce174d81bb087b4bbbacc66 |
Patch Download / Build Number | Download the Patch here Build number: 1692934256 |
File Name | VMware-AriaOpNetworks.6.10.0.P4.1692934256.patch.bundle |
Size | 803.15 MB |
MD5SUM | d982c28f394368316c244e0bb7e44c3a |
SHA1SUM | 73d9f0f3b5c3bcff09006fbe5e636fa0f9d16b07 |
SHA256SUM | 2c9b7c962f8830b60666c781fc66599f73cae1444e2c42444a85c978c37ea1f5 |
Note:
1. Above patches are cumulative of any previous patches for the same version.
2. Before you download and apply the security patch (s) for your Aria Operations for Network deployment, it is advised to perform clean up using steps mentioned in VMware KB: https://kb.vmware.com/s/article/88977 to avoid issues with patch upgrade failing with Insufficient disk space toast message.
Procedure to apply patch bundle via Aria Operations for Networks GUI:
All platform and the collector nodes are updated.
Procedure to apply patch bundle via vRSLCM / VMware-Aria-Suite-Lifecycle 8.12: GUI:
Refer to below mentioned documentations for the steps for VMware vRSLCM/VMware-Aria-Suite-Lifecycle 8.12 respectively:
1. VMware vRSLCM 8.10 and earlier:
https://docs.vmware.com/en/VMware-vRealize-Suite-Lifecycle-Manager/8.10/com.vmware.vrsuite.lcm.8.10.doc/GUID-DB30A1A6-6DD4-421A-BADF-3C60C21FF456.html
2. VMware-Aria-Suite-Lifecycle 8.12:
https://docs.vmware.com/en/VMware-Aria-Suite-Lifecycle/8.12/lifecycle-install-upgrade-manage/GUID-DB30A1A6-6DD4-421A-BADF-3C60C21FF456.html