CVE-2023-34043 — Improper Privilege Management in Vmware Cloud Foundation

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 88.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Cloud Foundation Vmware Aria Operations Vmware Aria Operations

Timeline

PublishedSep 27

Description

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶NVDvmware/aria_operations8.10.0, 8.12.0, 8.6.0+2

▶CVEListV5vmware/vmware_aria_operationsVMware Aria Operations 8.12.x, 8.10.x, 8.6.x, VCF 5.x, 4.x

▶NVDvmware/cloud_foundation4.0 — 4.4+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-535x-q4gm-f2m7: VMware Aria Operations contains a local privilege escalation vulnerability↗2023-09-27

▶

CVEList

CVE-2023-34043: VMware Aria Operations contains a local privilege escalation vulnerability↗2023-09-26

▶

📋Vendor Advisories

VMware

VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2023-34043)↗2023-09-26

▶