VMware Releases Security Advisory for Aria Operations for Networks - …

…20240208002

docs/advisories/20240208002-VMware-Releases-Security-Advisory-for-Aria-Operations-for-Networks.md

@@ -0,0 +1,26 @@
+# VMware Releases Security Advisory for Aria Operations for Networks - 20240208002
+
+## Overview
+
+VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
+
+## What is vulnerable?
+
+| Product(s) Affected | Summary | Severity     | CVSS |
+| ------------------- | ------- | ------------ | ---- |
+| **Aria Operations for Networks** |         | |   |
+|  - Local Privilege Escalation vulnerability (CVE-2024-22237) |         | **High** | 7.8  |
+| - Cross Site Scripting Vulnerability (CVE-2024-22238) |         | **Medium** | 6.4 |
+| - Local Privilege Escalation vulnerability (CVE-2024-22239) |         | **Medium** | 5.3  |
+| - Local File Read vulnerability (CVE-2024-22240) |         | **Medium** | 4.9  |
+
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [VMware Aria Operations for Networks](https://www.vmware.com/security/advisories/VMSA-2024-0002.html)
+
+## Additional References
+
+- [CISA - VMware Releases Security Advisory for Aria Operations for Networks](https://www.cisa.gov/news-events/alerts/2024/02/07/vmware-releases-security-advisory-aria-operations-networks)