Local Privilege Escalation Vulnerability Affects VMware Aria Operations
CVE-2024-38830

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations
Vendor: CVE Published:; 26 November 2024

Summary

VMware Aria Operations is susceptible to a local privilege escalation vulnerability that allows a malicious actor with existing local administrative privileges to escalate their access to the root user level on the appliance. This weakness poses a serious risk as it can lead to unauthorized control of the system, enabling the attacker to perform critical actions that can compromise the integrity and confidentiality of the underlying infrastructure. Organizations must assess their deployments and apply the necessary mitigations to protect their systems from potential exploitation.

Affected Version(s)

VMware Aria Operations Any 8.x < 8.18.2

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Jun 19, 2024