Headline
CVE-2023-34043: VMSA-2023-0020
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root’.
Advisory ID: VMSA-2023-0020
CVSSv3 Range: 6.7
Issue Date: 2023-09-26
Updated On: 2023-09-26 (Initial Advisory)
CVE(s): CVE-2023-34043
Synopsis: VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2023-34043)
****1. Impacted Products****
****2. Introduction****
A local privilege escalation vulnerability affecting Aria Operations was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
****3. Local Privilege Escalation Vulnerability (CVE-2023-34043)****
VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate Severity Range with a maximum CVSSv3 base score of 6.7.
A malicious actor with administrative access to the local system can escalate privileges to 'root’.
To remediate CVE-2023-34043 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware Aria Operations
8.12.x
Any
CVE-2023-34043
6.7
moderate
8.12 Hot Fix 5
N/A
N/A
VMware Aria Operations
8.10.x
Any
CVE-2023-34043
6.7
moderate
8.10 Hot Fix 9
N/A
N/A
VMware Aria Operations
8.6.x
Any
CVE-2023-34043
6.7
moderate
8.6 Hot Fix 11
N/A
N/A
VMware Cloud Foundation (VMware Aria Operations)
5.x
Any
CVE-2023-34043
6.7
moderate
KB92148
N/A
N/A
VMware Cloud Foundation (VMware Aria Operations)
4.x
Any
CVE-2023-34043
6.7
moderate
KB92148
N/A
N/A
****4. References****
****5. Change Log****
2023-09-26 VMSA-2023-0020
Initial security advisory.
****6. Contact****