CVE-2024-22239

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-22239

CWE

https://cwe.mitre.org/data/definitions/269.html

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Aria_operations_for_networks	Vmware	6.0.0 (including)	6.12.0 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

https://www.vmware.com/security/advisories/VMSA-2024-0002.html
https://www.vmware.com/security/advisories/VMSA-2024-0002.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References