CVE-2023-20879

VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
vmwarecloud_foundation
4.0 ≤
𝑥
≤ 4.5
vmwarevrealize_operations
8.6.0
vmwarevrealize_operations
8.6.0:hotfix1
vmwarevrealize_operations
8.6.0:hotfix2
vmwarevrealize_operations
8.6.0:hotfix4
vmwarevrealize_operations
8.6.0:hotfix5
vmwarevrealize_operations
8.6.0:hotfix6
vmwarevrealize_operations
8.6.0:hotfix8
vmwarevrealize_operations
8.6.0:hotfix9
vmwarevrealize_operations
8.10.0
vmwarevrealize_operations
8.10.0:hotfix1
vmwarevrealize_operations
8.10.0:hotfix2
𝑥
= Vulnerable software versions
References
https://www.vmware.com/security/advisories/VMSA-2023-0009.html
https://www.vmware.com/security/advisories/VMSA-2023-0009.html