CVE-2024-38830 HIGH

CVE-2024-38830: Local privilege escalation vulnerability

Vendor Vmware
Product VMware Aria Operations
Published November 26, 2024
Last update February 10, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

Key dates

02Disclosure timeline

November 26, 2024 CVE published
February 10, 2025 Record updated