{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38830", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-06-19T22:32:07.790Z", "datePublished": "2024-11-26T11:49:16.781Z", "dateUpdated": "2025-02-10T22:19:20.956Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Any"], "product": "VMware Aria Operations", "vendor": "VMware", "versions": [{"lessThan": "8.18.2", "status": "affected", "version": "8.x", "versionType": "proprietary"}]}], "datePublic": "2024-11-26T11:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations contains a local privilege escalation vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.</span></span><br>"}], "value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-11-26T11:49:16.781Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"}], "source": {"discovery": "UNKNOWN"}, "title": "Local privilege escalation vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "affected": [{"vendor": "vmware", "product": "aria_operations", "cpes": ["cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.0", "status": "affected", "lessThan": "8.18.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T15:06:38.470450Z", "id": "CVE-2024-38830", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T22:19:20.956Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-26T15:06:38.470450Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "aria_operations", "versions": [{"status": "affected", "version": "8.0", "lessThan": "8.18.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T15:10:13.450Z"}}], "cna": {"title": "Local privilege escalation vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "VMware Aria Operations", "versions": [{"status": "affected", "version": "8.x", "lessThan": "8.18.2", "versionType": "proprietary"}], "platforms": ["Any"], "defaultStatus": "unaffected"}], "datePublic": "2024-11-26T11:10:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations contains a local privilege escalation vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.</span></span><br>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-11-26T11:49:16.781Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38830", "state": "PUBLISHED", "dateUpdated": "2025-02-10T22:19:20.956Z", "dateReserved": "2024-06-19T22:32:07.790Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-11-26T11:49:16.781Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations."}, {"lang": "es", "value": "VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios locales. Un agente malintencionado con privilegios administrativos locales puede activar esta vulnerabilidad para escalar privilegios al usuario ra\u00edz en el dispositivo que ejecuta VMware Aria Operations."}], "id": "CVE-2024-38830", "lastModified": "2025-02-10T23:15:14.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-11-26T12:15:18.413", "references": [{"source": "security@vmware.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}