VMSA-2024-0004

Severity: Moderate

Advisory ID: VMSA-2024-0004

CVSSv3 Range: 6.7

Issue Date: 2024-02-20

Updated On: 2024-02-20 (Initial Advisory)

CVE(s): CVE-2024-22235

Synopsis: VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2024-22235)

1. Impacted Products



  • VMware Aria Operations (formerly vRealize Operations)
  • VMware Cloud Foundation (VMware Aria Operations)

2. Introduction



A local privilege escalation vulnerability affecting Aria Operations was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Local Privilege Escalation vulnerability (CVE-2024-22235)

Description



VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate Severity Range with a maximum CVSSv3 base score of 6.7.

Known Attack Vectors



A malicious actor with administrative access to the local system can escalate privileges to ‘root’.

Resolution



To remediate CVE-2024-22235, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds



None.

Additional Documentation



None.

Notes



None.

Acknowledgements



VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Aria Operations | 8.16 | Any | CVE-2024-22235 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Aria Operations | 8.x | Any | CVE-2024-22235 | | Moderate | | N/A | N/A |
| VMware Cloud Foundation (VMware Aria Operations) | 5.x | Any | CVE-2024-22235 | | Moderate | | N/A | N/A |
| VMware Cloud Foundation (VMware Aria Operations) | 4.x | Any | CVE-2024-22235 | | Moderate | | N/A | N/A |

4. References

5. Change Log



2024-02-20 VMSA-2024-0004

Initial security advisory.

6. Contact



E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055 

VMware Security Advisories
https://www.vmware.com/security/advisories 

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html 

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html 

VMware Security & Compliance Blog  
https://blogs.vmware.com/security 

Twitter
https://twitter.com/VMwareSRC

 

Copyright 2024 Broadcom. All rights reserved.
