Root security vulnerabilities in VMware Aria Operations closed
VMware's IT management platform Aria Operations is vulnerable. Admins should install the security patches as soon as possible.
(Image: Tatiana Popova/Shutterstock.com)
Due to several software vulnerabilities, attacks on VMware Aria Operations could be imminent. A protected version is available for download. The developers have closed a total of five gaps.
Various dangers
In a warning message, the developers state that two root vulnerabilities (CVE-2024-38830, CVE-2024-38831) are classified with a"high" threat level. If attacks are successful, attackers can gain root privileges. In such a position, it can be assumed that they can take complete control of systems. However, the hurdle for an attack is high and attackers must already have local admin rights.
VMware does not currently specify how such an attack could take place in detail and how admins can recognize PCs that have already been attacked.
The three remaining vulnerabilities (CVE-2024-38832"high", CVE-2024-38833"medium", CVE-2024-38834 "medium") enable stored XSS attacks. At this point, attackers with editing access to a cloud provider can execute their own code.
Videos by heise
Secure systems now
The developers state that the versions of Aria Operations 4.x, 5.x and 8.x are affected by the vulnerabilities. To protect computers from the attacks described, admins must install version 8.18.2. So far there are no reports of ongoing attacks. However, admins should not wait too long before installing it. There are currently no workarounds to protect systems if it is not possible to install the updates immediately.
Most recently, security vulnerabilities in the VMware applications Tanzu Spring, vCenter and HCX made headlines in October of this year.
(des)
