VMware Aria Operations Vulnerabilities Allow Privilege Escalation & XSS Attacks


VMware, a leading cloud computing and virtualization software provider, has disclosed multiple critical vulnerabilities in its Aria Operations product. The most severe flaws could allow attackers to escalate privileges to the root user on affected systems.

The advisory, identified as VMSA-2024-0022, was released on November 26, 2024, and addresses five distinct vulnerabilities:

  1. CVE-2024-38830: A local privilege escalation vulnerability with a CVSSv3 score of 7.8.
  2. CVE-2024-38831: Another local privilege escalation vulnerability, also scoring 7.8 on the CVSSv3 scale.
  3. CVE-2024-38832: A stored cross-site scripting (XSS) vulnerability with a CVSSv3 score of 7.1.
  4. CVE-2024-38833: Another stored XSS vulnerability, scoring 6.8 on the CVSSv3 scale.
  5. CVE-2024-38834: A third stored XSS vulnerability with a CVSSv3 score of 6.5.

The two local privilege escalation vulnerabilities (CVE-2024-38830 and CVE-2024-38831) are particularly concerning.


They allow an attacker who already holds local administrative privileges on the appliance running VMware Aria Operations to elevate that access to root. This could give attackers complete control over the affected systems.

The stored XSS vulnerabilities (CVE-2024-38832, CVE-2024-38833, and CVE-2024-38834) allow attackers with editing access to various components (views, email templates, and cloud provider settings) to inject malicious scripts. These scripts could then be executed when other users access the affected areas of the application.
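The stored XSS class described above, shown as an added illustration that is not VMware's code and does not reflect how Aria Operations actually renders views, email templates or cloud provider settings: a generic template renderer in its vulnerable form beside a hardened one that escapes at the HTML boundary, plus a small audit helper for spotting markup that has been saved into fields that should hold plain text. `STORED_TEMPLATE`, `render_unsafe`, `render_safe` and `flag_markup` are assumed names, and the sample template is constructed.

```python
import html
import re
from string import Template

# Constructed sample: an email-template body as an editor with template
# rights might save it. The <script> element stands in for injected markup.
STORED_TEMPLATE = 'Alert on $host: <script>document.title="x"</script> disk usage high'


def render_unsafe(template: str, **fields) -> str:
    """Vulnerable pattern: the stored text and the substituted values go
    into the page verbatim, so markup saved by one user runs for the next."""
    return Template(template).safe_substitute(**fields)


def render_safe(template: str, **fields) -> str:
    """Hardened pattern: escape the stored template and every substituted
    value before they reach the HTML output, so saved markup is displayed
    as text rather than executed. string.Template is used instead of
    str.format so a stored placeholder cannot reach object attributes."""
    escaped_fields = {k: html.escape(str(v), quote=True) for k, v in fields.items()}
    return Template(html.escape(template, quote=True)).safe_substitute(**escaped_fields)


# Audit helper: angle brackets, a javascript: scheme or an on*= handler
# have no business in a plain-text template, view name or provider label.
_MARKUP = re.compile(r"<|javascript:|\bon\w+\s*=", re.IGNORECASE)


def flag_markup(stored: dict) -> list:
    """Return the names of stored fields whose values contain markup,
    for review against change records during an audit."""
    return sorted(name for name, value in stored.items() if _MARKUP.search(str(value)))


if __name__ == "__main__":
    print(render_unsafe(STORED_TEMPLATE, host="db-01"))
    print(render_safe(STORED_TEMPLATE, host="db-01"))
    print(flag_markup({"tmpl-1": STORED_TEMPLATE, "tmpl-2": "Host $host is down"}))
```

The safe path escapes the stored text before substitution and each value separately, so neither an editor's saved template nor a hostname supplied at render time can introduce tags or attribute breaks.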

The vulnerabilities impact VMware Aria Operations versions 8.x up to 8.18.1. Additionally, VMware Cloud Foundation versions 4.x and 5.x, which include VMware Aria Operations, are also affected.

Patches Released

VMware has released patches to address these vulnerabilities. Users are strongly advised to update to VMware Aria Operations version 8.18.2, which resolves all five reported issues. There are no workarounds available, making it crucial for organizations to apply the patches as soon as possible.
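A version triage check for the affected range stated above (8.x below 8.18.2, with 8.18.2 as the fixed release), added here as example code rather than anything from VMware or the advisory. It parses dotted version strings, decides whether a given build still needs the update, and runs over a constructed inventory; `is_affected`, `triage` and the host names are assumptions.

```python
import re

# Fixed release named in VMSA-2024-0022.
FIXED_VERSION = "8.18.2"


def parse_version(version: str) -> tuple:
    """Turn '8.18.1' (or '8.18.1.24521399' with a build number) into a tuple
    of ints so that comparisons are numeric, not lexical ('8.9' < '8.18')."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str) -> bool:
    """True when the version falls in the advisory's 8.x range below 8.18.2.
    Anything outside the 8.x line is outside the scope of this advisory and
    is reported as not affected by *this* check, not as safe in general."""
    parsed = parse_version(version)
    if parsed[0] != 8:
        return False
    return parsed < parse_version(FIXED_VERSION)


def triage(inventory: dict) -> list:
    """Given {hostname: version}, return the hosts still needing 8.18.2."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory for the example.
SAMPLE_INVENTORY = {
    "aria-ops-prod": "8.18.1",
    "aria-ops-dr": "8.18.2",
    "aria-ops-lab": "8.12.0.22373234",
    "aria-ops-new": "8.18.2.1",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> update to {FIXED_VERSION}")
```

Tuple comparison handles the edge cases that a string comparison gets wrong: "8.18" sorts below "8.18.2" because the shorter tuple is a prefix, and a build suffix after "8.18.2" sorts above it.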

Recommended actions:

  1. Update Immediately: Organizations using VMware Aria Operations should prioritize updating to version 8.18.2.
  2. Access Control: Implement strict access controls to limit the number of users with administrative privileges.
  3. Monitor Systems: Closely monitor systems for any suspicious activities that could indicate exploitation attempts.
  4. Security Audits: Conduct thorough security audits to ensure no unauthorized changes have been made to the system.

VMware has credited several security researchers, including this codec of MoyunSec Vlab, Bing, and members of the Michelin CERT team, with responsibly reporting these vulnerabilities.
