Detections
Analytics
VMware Aria Automation Access Control Vulnerability (VMSA-2024-0001)
high Nessus Plugin ID 189244
Language:
Synopsis
A device management application running on the remote host is affected by an access control vulnerability.Description
The VMware Aria Automation application running on the remote host is prior to 8.11.0 Build 30127, 8.12.0 Build 31368, 8.13.0 Build 32385, 8.14.1 Build 33501, or 8.16.0.It is, therefore, affected by a missing access control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
Solution
Upgrade to VMware Aria Automation version 8.16 or later or apply the appropriate patch as advised in the vendor advisory.See Also
https://www.vmware.com/security/advisories/VMSA-2024-0001.html
Plugin Details
Severity: High
ID: 189244
File Name: vmware_aria_automation_VMSA_2024_0001.nasl
Version: 1.2
Type: combined
Family: Misc.
Published: 1/19/2024
Updated: 1/26/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 8.7
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:C
CVSS Score Source: CVE-2023-34063
CVSS v3
Risk Factor: High
Base Score: 8.3
Temporal Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:vmware:vrealize_automation
Exploit Ease: No known exploits are available
Patch Publication Date: 1/16/2024
Vulnerability Publication Date: 1/16/2024
Reference Information
CVE: CVE-2023-34063
VMSA: 2024-0001