Local Privilege Escalation Vulnerability in VMware Aria Operations
CVE-2023-34043

6.7MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations
Vendor: CVE Published:; 27 September 2023

Summary

VMware Aria Operations is susceptible to a local privilege escalation vulnerability, enabling an attacker with administrative access to elevate their privileges to 'root'. This flaw can potentially allow malicious actors to gain full control over the system, heightening the security risks for environments using this product. Admins must apply the latest patches and follow recommended security practices to mitigate this issue.

Affected Version(s)

VMware Aria Operations VMware Aria Operations 8.12.x, 8.10.x, 8.6.x, VCF 5.x, 4.x

References

https://www.vmware.com/security/advisories/VMSA-2023-0020...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
May 25, 2023