← back
CVE-2023-34039

CVE-2023-34039

CVSS 9.8 CRITICALEPSS 64.2%
Vexday Risk Score
77High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (97 stars) — exploitation code widely available.
CVSS 9.8EPSS 64.2%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
29 Aug 2023Metasploit module available
29 Aug 2023Published on NVD
01 Sep 2023Public PoC
Weaponization speed
3 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.