Share
## https://sploitus.com/exploit?id=SAINT:F30ED77BCB840A5D52D8794AF93D6B3E
Added: 09/06/2023  


### Background

SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device. 

### Problem

Default SSH keys in VMware Aria Operations for Networks could allow a remote attacker with knowledge of the private key to gain access as the support user. 

### Resolution

Apply the fix referenced in VMSA-2023-0018. 

### References

https://www.vmware.com/security/advisories/VMSA-2023-0018.html   
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/   


### Platforms

Linux  
Unix