CVE-2024-38830

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:aria_operations::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::

History

No history.

Information

Published : 2024-11-26 12:15

Updated : 2025-05-14 16:43

NVD link : CVE-2024-38830

Mitre link : CVE-2024-38830

CVE.ORG link : CVE-2024-38830

JSON object : View

Products Affected

vmware

aria_operations
cloud_foundation

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-38830", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-11-26T12:15:18.413", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations."}, {"lang": "es", "value": "VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios locales. Un agente malintencionado con privilegios administrativos locales puede activar esta vulnerabilidad para escalar privilegios al usuario ra\u00edz en el dispositivo que ejecuta VMware Aria Operations."}], "lastModified": "2025-05-14T16:43:34.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13E1C524-50BF-4B3E-9385-935660A1CC14", "versionEndExcluding": "8.18.2", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9", "versionEndIncluding": "5.2", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}