CVE-2024-38831: VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.

Affected

3 ranges

Vendor	Product	Version range	Fixed in
vmware	aria_operations	>= 8.0 < 8.18.2	8.18.2
vmware	cloud_foundation	4.0 – 5.2	—
vmware	vmware_aria_operations	>= 8.x < 8.18.2	8.18.2

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cisa7.8HIGH