Hand-Picked Top-Read Stories

Policy data may be lost when a CVAD site is upgraded from a previous version to 2402

8 views

Citrix VDA lose Registration after Cloud Connector Restart

9 views

Understanding Write Cache in Provisioning Services Server

26 views

Trending Tags

VMware Virtualisation

189 views

2 minute read

VMSA-2023-0020

27 September 2023

Moderate

Advisory ID:
VMSA-2023-0020

CVSSv3 Range:
6.7

Issue Date:
2023-09-26

Updated On:
2023-09-26 (Initial Advisory)

CVE(s):
CVE-2023-34043

Synopsis:
VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2023-34043)

1. Impacted Products

Aria Operations

2. Introduction

A local privilege escalation vulnerability affecting Aria Operations was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Local Privilege Escalation Vulnerability (CVE-2023-34043)

Description

VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate Severity Range with a maximum CVSSv3 base score of 6.7.

Known Attack Vectors

A malicious actor with administrative access to the local system can escalate privileges to ‘root’.

Resolution

To remediate CVE-2023-34043 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Aria Operations	8.12.x	Any	CVE-2023-34043	6.7	moderate	8.12 Hot Fix 5	N/A	N/A
VMware Aria Operations	8.10.x	Any	CVE-2023-34043	6.7	moderate	8.10 Hot Fix 9	N/A	N/A
VMware Aria Operations	8.6.x	Any	CVE-2023-34043	6.7	moderate	8.6 Hot Fix 11	N/A	N/A
VMware Cloud Foundation (VMware Aria Operations)	5.x	Any	CVE-2023-34043	6.7	moderate	KB92148	N/A	N/A
VMware Cloud Foundation (VMware Aria Operations)	4.x	Any	CVE-2023-34043	6.7	moderate	KB92148	N/A	N/A

4. References

8.12 Hot Fix 5: KB94625

8.10 Hot Fix 9: KB94624

8.6 Hot Fix 11: KB94623

VCF 4.x, 5.x: KB92148

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34043

FIRST CVSSv3 Calculator:

CVE-2023-34043: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2023-09-26 VMSA-2023-0020

Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.

Read full article (vmware.com)

All content and images belong to their respected owners, this article is curated for informational purposes only.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Previous Post

Citrix

The high MGMT CPU issue is preventing users access to Netscaler via GUI or SSH.

26 September 2023

Next Post

Citrix

Where are Citrix End User Licensing Agreements (EULA)

27 September 2023