VMware Security Update – 27 September 2023

By /
  • 239/2023
  • Medium

VMware has released a security update to address a vulnerability that affects Aria Operations.

The addressed vulnerability could allow the local attacker with administrator privileges to gain ‘root’ privileges on the affected system.

VMware Aria Operations Privilege Escalation Vulnerability (CVE-2023-34043):

  • CVSS: 6.7
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Consequences: Gain Privileges

Affected Versions:

  • VMware Aria Operations version 8.12.x.
  • VMware Aria Operations version 8.10.x.
  • VMware Aria Operations version 8.6.x.
  • VMware Cloud Foundation (VMware Aria Operations) version 5.x.
  • VMware Cloud Foundation (VMware Aria Operations) version 4.x.
Vulnerabilities

CVE-2023-34043

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

VMware Security Advisory

References

VMware Security Advisory