- 139/2024
- High
VMware has released a security update to address several vulnerabilities in VMware Avi Load Balancer.
The addressed vulnerabilities could allow the remote authenticated attacker to obtain sensitive information, or gain elevated privileges to create, modify, execute, and delete files as a root user on the affected system by sending a specially crafted request.
The addressed vulnerabilities:
1. VMware Avi Load Balancer Privilege Escalation (CVE-2024-22264):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privileges
2. VMware Avi Load Balancer Information Disclosure (CVE-2024-22266):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2024-22264
- CVE-2024-22266
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.