### #VMwareSecurity #AriaOperations #PrivilegeEscalation
Summary: VMware has released patches to fix multiple vulnerabilities in its Aria Operations product, with the most critical allowing local privilege escalation. The vulnerabilities range from Important to Moderate severity, affecting various versions of the software.
Threat Actor: Unknown | malicious actor
Victim: VMware | VMware
Key Point :
- Vulnerabilities include CVE-2024-38830 and CVE-2024-38831, both allowing privilege escalation to root user.
- Severity ratings range from Important to Moderate, with CVE-2024-38830 scoring a CVSSv3 base score of 7.8.
- Stored cross-site scripting (XSS) vulnerabilities could enable unauthorized actions or data theft.
- Affected versions include VMware Aria Operations 8.x and VMware Cloud Foundation (4.x and 5.x).
- Users are advised to update to version 8.18.2 or later to mitigate these vulnerabilities.
- VMware acknowledges the contributions of security researchers from MoyunSec Vlab, Michelin CERT, and independent researchers.
VMware has recently issued patches to address multiple vulnerabilities affecting its Aria Operations product. The vulnerabilities, responsibly reported to VMware, range in severity from Important to Moderate, with the most severe potentially allowing for local privilege escalation.
One of the vulnerabilities, identified as CVE-2024-38830, could allow a malicious actor with local administrative privileges to escalate privileges to the root user on the appliance running VMware Aria Operations. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Another Important severity vulnerability, CVE-2024-38831, could allow a malicious actor with local administrative privileges to insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
The remaining vulnerabilities are related to stored cross-site scripting (XSS). These vulnerabilities could allow a malicious actor with various levels of access to inject malicious scripts, potentially leading to unauthorized actions or data theft.
The affected versions include VMware Aria Operations 8.x and VMware Cloud Foundation (4.x and 5.x). Users must update to version 8.18.2 or later to address these vulnerabilities.
The company has also expressed gratitude to the security researchers who reported these vulnerabilities, including individuals from MoyunSec Vlab, Michelin CERT, and independent researchers.
Related Posts:
Source: https://securityonline.info/vmware-aria-operations-hit-by-multiple-vulnerabilities