VMware has released security updates to address five vulnerabilities in its Aria Operations (version 8.x) and Cloud Foundation (versions 4.x and 5.x utilizing Aria Operations). Formerly known as VMware vRealize Operations, Aria Operations is a robust cloud management and operations platform designed by VMware.
Technical Details :
Recent security assessments have revealed the identification of two distinct types of vulnerabilities,
1. Local privilege escalation vulnerability :
CVE-2024-38830 and CVE-2024-38831 have 7.8 CVSS scores, which allows the attacker to gain root-level privileges.
An attacker with local administrative privileges on VMware Aria Operations can exploit a specific flaw in its configuration to escalate the privileges to the root level. The vulnerability lies in improper handling of the application’s properties file. By modifying or injecting malicious commands into this file, the attacker can manipulate the application’s behavior or execute unauthorized commands with elevated privileges. This escalation effectively grants the attacker complete control over the system, allowing them to perform any operation, such as accessing sensitive data, modifying system settings, or deploying additional malicious tools. This makes the vulnerability particularly critical, as it could serve as a stepping stone for further exploitation within the network.
2. Stored cross-site scripting vulnerability :
CVE-2024-38832 (CVSS 7.1) affects VMware Aria Operations, allowing a threat actor with editing access to “views” to inject malicious scripts into the application. These scripts are stored on the server and executed in the browsers of users who access the compromised views. This can lead to unauthorized actions such as stealing session data, account hijacking, or executing arbitrary commands, posing a significant security risk. Applying the latest security patches is essential to mitigate this vulnerability.
CVE-2024-38833 (CVSS 6.8) affects VMware Aria Operations and occurs when an attacker with access to edit email templates injects malicious scripts into the templates. These scripts are stored on the server and execute when the affected email is generated or viewed, potentially allowing the attacker to steal sensitive data, hijack user sessions, or perform other unauthorized actions. Applying the latest patches is crucial to addressing this vulnerability.
CVE-2024-38834 (CVSS 6.5) impacts VMware Aria Operations and enables an attacker with cloud provider editing access to inject malicious scripts. These scripts are stored on the server and execute when users interact with the compromised cloud provider configuration, potentially leading to unauthorized actions such as data theft, session hijacking, or execution of arbitrary commands. It is recommended to apply the latest security updates to mitigate this vulnerability.
Fixes Introduced: VMware has resolved these vulnerabilities in Aria Operations version 8.18.2.
Users are strongly advised to promptly apply the available patches, as VMware has indicated that no workarounds are currently available.
Mitigate Critical Security Risks Before It’s Too Late with SanerNow
SecPod SanerNow CVEM is an all-in-one vulnerability and patch management solution that automatically detects, assesses, prioritizes, and remediates vulnerabilities across your network. Supporting all major operating systems and over 550 third-party applications, SanerNow ensures comprehensive protection.
With SanerNow, you can test patches before deployment, rollback if necessary, and fully automate the patching process, reducing the workload for your IT and security teams while keeping your systems secure.
