VMware Aria Operations Local Privilege Escalation Vulnerability
CVE-2024-38831

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations
Vendor: CVE Published:; 26 November 2024

What is CVE-2024-38831?

VMware Aria Operations is exposed to a local privilege escalation vulnerability that allows a malicious actor, who already possesses local administrative privileges, to escalate their privileges to that of a root user. This can be achieved by inserting malicious commands into the properties file on the appliance running VMware Aria Operations. Organizations using this product should review their permissions and implement appropriate security measures to prevent exploitation.

Affected Version(s)

VMware Aria Operations Any 8.x < 8.18.2

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Jun 19, 2024

Vmware

What is CVE-2024-38831?

Affected Version(s)

References

CVSS V3.1

Timeline