VMSA-2023-0020:VMware Aria Operations updates address local privilege escalation vulnerability.
23665
24 September 2023
24 September 2023
CLOSED
MEDIUM
6.7
CVE-2023-34043
1. Impacted Products
Aria Operations
2. Introduction
A local privilege escalation vulnerability affecting Aria Operations was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
3. Local Privilege Escalation Vulnerability (CVE-2023-34043)
Description
VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate Severity Range with a maximum CVSSv3 base score of 6.7.
Known Attack Vectors
A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Resolution
To remediate CVE-2023-34043 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware Aria Operations | 8.12.x | Any | CVE-2023-34043 | moderate | N/A | N/A | ||
| VMware Aria Operations | 8.10.x | Any | CVE-2023-34043 | moderate | N/A | N/A | ||
| VMware Aria Operations | 8.6.x | Any | CVE-2023-34043 | moderate | N/A | N/A | ||
| VMware Cloud Foundation (VMware Aria Operations) | 5.x | Any | CVE-2023-34043 | moderate | N/A | N/A | ||
| VMware Cloud Foundation (VMware Aria Operations) | 4.x | Any | CVE-2023-34043 | moderate | N/A | N/A |
4. References
8.12 Hot Fix 5: KB94625
8.10 Hot Fix 9: KB94624
8.6 Hot Fix 11: KB94623
VCF 4.x, 5.x: KB92148
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34043
FIRST CVSSv3 Calculator:
CVE-2023-34043: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2023-09-26 VMSA-2023-0020
Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
[email protected]
E-mail: [email protected]
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.