Share
## https://sploitus.com/exploit?id=SAINT:A46144C15AAE6CFF6670C3DCA0F8458C
Added: 09/06/2023  


### Background

SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device. 

### Problem

Default SSH keys in VMware Aria Operations for Networks could allow a remote attacker with knowledge of the private key to gain access as the support user. 

### Resolution

Apply the fix referenced in [VMSA-2023-0018](<https://www.vmware.com/security/advisories/VMSA-2023-0018.html>). 

### References

<https://www.vmware.com/security/advisories/VMSA-2023-0018.html>  
<https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/>  


### Platforms

Linux  
Unix