VMware Aria Operations Local Privilege Escalation Vulnerability
CVE-2024-38831

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations
Vendor: CVE Published:; 26 November 2024

Summary

VMware Aria Operations is exposed to a local privilege escalation vulnerability that allows a malicious actor, who already possesses local administrative privileges, to escalate their privileges to that of a root user. This can be achieved by inserting malicious commands into the properties file on the appliance running VMware Aria Operations. Organizations using this product should review their permissions and implement appropriate security measures to prevent exploitation.

Affected Version(s)

VMware Aria Operations Any 8.x < 8.18.2

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Jun 19, 2024