Preface: CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
Background: VMware Aria Operations for Networks is a pre-hardened and secured appliance. VMware Aria Operations for Networks is hardened against well-established and industry-accepted security benchmarks, for example: CIS. VMware Aria Operations for Networks also follows all security and privacy best practices defined by VMware Security Engineering, Communications, and Response (vSECR) team.
Vulnerability details: Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
Official details: Please refer to the link for details –https://docs.vmware.com/en/VMware-Aria-Operations-for-Networks/index.html