Regarding CVE-2024-22237, VMware did not provide details. But do you think this design weakness is similar to what you've seen before? (13th Feb 2023)

Preface: A CWE-269: Improper Privilege Management vulnerability exists that could cause remote code execution when the transfer command is used over the network.

Background: VMware Aria Operations for Networks is a pre-hardened and secured appliance. It is hardened against well-established and industry-accepted security benchmarks, for example, CIS. VMware Aria Operations for Networks also follows all security and privacy best practices defined by the VMware Security Engineering, Communications, and Response (vSECR) team.

Vulnerability details: Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.

Official details: Please refer to the link for details: https://docs.vmware.com/en/VMware-Aria-Operations-for-Networks/index.html
