CVE-2024-38830

Description

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

VMware / VMware Aria Operations8.x – 8.18.2

References

VENDOR_ADVISORYhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199