VMware Releases Security Advisory for Aria Operations for Networks - 20240208002

Overview

VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

What is vulnerable?

Product(s) Affected	Summary	Severity	CVSS
Aria Operations for Networks
- Local Privilege Escalation vulnerability (CVE-2024-22237)		High	7.8
- Cross Site Scripting Vulnerability (CVE-2024-22238)		Medium	6.4
- Local Privilege Escalation vulnerability (CVE-2024-22239)		Medium	5.3
- Local File Read vulnerability (CVE-2024-22240)		Medium	4.9

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):

• VMware Aria Operations for Networks

Additional References

• CISA - VMware Releases Security Advisory for Aria Operations for Networks