Privilege Escalation Vulnerability in VMware Avi Load Balancer Allows Root Access
CVE-2024-22264

7.2HIGH

Key Information:

Vendor: Vmware
Status: Vmware Avi Load Balancer
Vendor: CVE Published:; 8 May 2024

What is CVE-2024-22264?

The VMware Avi Load Balancer has a vulnerability that allows malicious actors, who have acquired admin access, to escalate their privileges. This flaw permits them to create, modify, execute, and delete files as a root user on the underlying host system. This unauthorized access can lead to a range of security issues, including data breaches and system manipulation. Organizations using VMware Avi Load Balancer should assess their systems for potential exposure to this vulnerability and implement necessary security measures to ensure data integrity and system stability.

Affected Version(s)

VMware Avi Load Balancer 22.1.x < 22.1.6

VMware Avi Load Balancer 30.x.x < 30.2.1

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2024
Vulnerability Reserved
Jan 8, 2024

Vmware

What is CVE-2024-22264?

Affected Version(s)

References

CVSS V3.1

Timeline