CVE-2024-22237 - Vulnerability Details - OpenCVE

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Aria Operations For Networks

Configuration 1 [-]

cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2024-0002.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-02-06T19:36:09.748Z

Updated: 2024-08-01T22:43:33.655Z

Reserved: 2024-01-08T16:40:16.141Z

Link: CVE-2024-22237

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-02-06T20:16:03.430

Modified: 2024-11-21T08:55:51.907

Link: CVE-2024-22237

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22237", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T16:40:16.141Z", "datePublished": "2024-02-06T19:36:09.748Z", "dateUpdated": "2024-08-01T22:43:33.655Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VMware Aria Operations for Networks", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware Aria Operations for Networks 6.x"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. "}], "value": "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Local Privilege Escalation vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-02-06T19:36:09.748Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:33.655Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D83DFCC-0942-4839-A9D5-42939551950B", "versionEndIncluding": "6.12.0", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. "}, {"lang": "es", "value": "Aria Operations for Networks contiene una vulnerabilidad de escalada de privilegios local. Un usuario de consola con acceso a Aria Operations for Networks puede aprovechar esta vulnerabilidad para escalar privilegios y obtener acceso ra\u00edz al sistema."}], "id": "CVE-2024-22237", "lastModified": "2024-11-21T08:55:51.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-06T20:16:03.430", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}