VMware Aria Operations for Networks Multiple vulnerabilities (CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241)
Multiple vulnerabilities in VMware Aria Operations for Networks (Formerly vRealize Network Insight) were reported to VMware under CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240 and CVE-2024-22241. Updates are available to remediate these vulnerabilities in affected VMware products.
1. Impacted Products
VMware Aria Operations for Networks (formerly vRealize Network Insight)
2a. Local Privilege Escalation vulnerability (CVE-2024-22237)
Description
Aria Operations for Networks contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors:
A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
Why its Matter:
This vulnerability poses a risk of local privilege escalation, allowing unauthorized access to critical system functions.
Resolution:
To remediate CVE-2024-22237 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Acknowledgements:
Kudos to Mourad Barhi of Rabobank for contributing to the resolution of this issue.
2b. Cross Site Scripting Vulnerability (CVE-2024-22238)
Description
Aria Operations for Networks contains a cross site scripting vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4.
Known Attack Vectors:
A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
Why it matters:
Cross-site scripting vulnerabilities can lead to the injection of malicious code, compromising user profiles and system integrity.
Resolution:
To remediate CVE-2024-22238 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Acknowledgements:
Issue reported by Kajetan Rostojek and Tomasz Holeksa.
2c. Local Privilege Escalation vulnerability (CVE-2024-22239)
Description:
Aria Operations for Networks contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Known Attack Vectors:
A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
Why it matters:
This moderate-severity vulnerability allows console users to escalate privileges, albeit to regular shell access.
Resolution:
To remediate CVE-2024-22239 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Acknowledgements:
Once again, Mourad Barhi of Rabobank is credited for contributing to the identification and resolution of this vulnerability..
2d. Local File Read vulnerability (CVE-2024-22240)
Description:
Aria Operations for Networks contains a local file read vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.9.
Known Attack Vectors:
A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
Why it matters:
A potential avenue for unauthorized access to sensitive information, particularly concerning when exploited by an actor with admin privileges.
Resolution:
To remediate CVE-2024-22240 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Acknowledgements:
Issue reported by Rahul Maini and Harsh Jaiswal.
2e. Cross Site Scripting vulnerability (CVE-2024-22241)
Description
Aria Operations for Networks contains a cross site scripting vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
Known Attack Vectors:
A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
Why it matters:
Another XSS vulnerability, this time with the potential for a malicious payload injection into the login banner, posing a threat to user accounts.
Resolution:
To remediate CVE-2024-22241 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Acknowledgements:
The collaborative efforts of Kajetan Rostojek and Tomasz Holeksa of ING Hubs Poland are instrumental in addressing this vulnerability.
Response Matrix
Product | Version | Running | CVE | CVSSv3 | Severity | Fixed | Workarounds | Additional |
Aria | 6.12 | Any | CVE-2024-22237, | N/A | N/A | Unaffected | N/A | N/A |
Aria | 6.x | Any | CVE-2024-22237, | Important
| N/A | N/A |
Conclusion:
In the realm of cybersecurity, vigilance is key. The prompt identification and resolution of vulnerabilities in VMware Aria Operations for Networks underscore the commitment to providing secure solutions. As a user, it’s imperative to stay proactive by applying recommended patches promptly to fortify your network against potential threats.
These vulnerabilities were brought to light through collaborative efforts, emphasizing the collective responsibility we share in maintaining a secure digital landscape. By staying informed and taking proactive measures, you contribute to a safer online environment for yourself and the broader digital community. Remember, cybersecurity is a shared journey, and together, we can fortify our networks against emerging threats.