CVE-2024-38830

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:aria_operations::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::

History

14 May 2025, 16:43

Type	Values Removed	Values Added
CPE		cpe:2.3:a:vmware:cloud_foundation:::::::: cpe:2.3:a:vmware:aria_operations::::::::
First Time		Vmware aria Operations Vmware Vmware cloud Foundation
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 - Vendor Advisory

10 Feb 2025, 23:15

Type	Values Removed	Values Added
CWE		CWE-269

Information

Published : 2024-11-26 12:15

Updated : 2025-05-14 16:43

NVD link : CVE-2024-38830

Mitre link : CVE-2024-38830

CVE.ORG link : CVE-2024-38830

JSON object : View

Products Affected

vmware

cloud_foundation
aria_operations

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-38830", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-11-26T12:15:18.413", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations."}, {"lang": "es", "value": "VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios locales. Un agente malintencionado con privilegios administrativos locales puede activar esta vulnerabilidad para escalar privilegios al usuario ra\u00edz en el dispositivo que ejecuta VMware Aria Operations."}], "lastModified": "2025-05-14T16:43:34.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13E1C524-50BF-4B3E-9385-935660A1CC14", "versionEndExcluding": "8.18.2", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9", "versionEndIncluding": "5.2", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}