VMware has issued a cautionary notice regarding five moderate-to-important severity vulnerabilities found in Aria Operations for Networks, previously known as vRealize Network Insight. These vulnerabilities encompass local privilege escalation and cross-site scripting (XSS) vulnerabilities, potentially exposing sensitive information and allowing unauthorized code injection. To address these risks, users are strongly advised to upgrade to version 6.12.0 of VMware Aria Operations for Networks, providing crucial mitigation against potential exploitation.
The identified vulnerabilities include CVE-2024-22237, a local privilege escalation flaw allowing console users to gain regular root access, and CVE-2024-22238, an XSS vulnerability enabling malicious actors with admin privileges to inject harmful code into user profile configurations. Additionally, CVE-2024-22239 and CVE-2024-22241 highlight further local privilege escalation and XSS vulnerabilities, respectively, posing significant security concerns for affected users. Moreover, CVE-2024-22240 underscores the risk of local file read vulnerabilities, potentially granting unauthorized access to sensitive data.
By recommending an upgrade to version 6.12.0 of Aria Operations for Networks, VMware aims to provide users with enhanced security measures against these critical vulnerabilities. This proactive approach reflects VMware’s commitment to ensuring the safety and integrity of its network management solutions. As cyber threats continue to evolve, prompt mitigation through software updates is essential in safeguarding against potential exploitation and maintaining the resilience of enterprise network environments.Reference:
