On Tuesday, VMware issued a high-severity bulletin addressing at least five security vulnerabilities in its Aria Operations product. These vulnerabilities could potentially allow malicious hackers to elevate privileges or conduct cross-site scripting attacks.
Details of the Vulnerabilities:
VMware’s VMSA-2024-0022 bulletin details the following vulnerabilities:
- CVE-2024-38830: Local privilege escalation vulnerability (CVSS 7.8). Exploitable by actors with local administrative privileges to gain root access on the appliance.
- CVE-2024-38831: Local privilege escalation vulnerability (CVSS 7.8). Allows malicious commands to be run through modifications to a properties file, escalating privileges to root.
- CVE-2024-38832: Stored cross-site scripting vulnerability (CVSS 7.1). Allows script injection by users with editing access to views.
- CVE-2024-38833: Stored cross-site scripting vulnerability (CVSS 6.8). Permits malicious script injection through email templates.
- CVE-2024-38834: Stored cross-site scripting vulnerability (CVSS 6.5). Permits script injection through the cloud provider editing functionality.
Affected Products:
The vulnerabilities impact VMware Aria Operations (version 8.x) and VMware Cloud Foundation (versions 4.x and 5.x utilizing Aria Operations).
Urgent Patching:
VMware urges corporate users to apply the available patches immediately, noting that there are no available workarounds.
Target of Advanced Hacking Groups:
VMware virtualization technology products have been a major target for advanced hacking groups. The CISA Known Exploited Vulnerabilities (KEV) catalog includes multiple entries for VMware defects, including at least one for VMware Aria Operations.