From 2403f6a2819908535140061e21b113c53e0d271c Mon Sep 17 00:00:00 2001
From: Serki Ashagre <132869385+LSerki@users.noreply.github.com>
Date: Thu, 8 Feb 2024 15:40:09 +0800
Subject: [PATCH] VMware Releases Security Advisory for Aria Operations for
 Networks - 20240208002

---
 ...visory-for-Aria-Operations-for-Networks.md | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 docs/advisories/20240208002-VMware-Releases-Security-Advisory-for-Aria-Operations-for-Networks.md

diff --git a/docs/advisories/20240208002-VMware-Releases-Security-Advisory-for-Aria-Operations-for-Networks.md b/docs/advisories/20240208002-VMware-Releases-Security-Advisory-for-Aria-Operations-for-Networks.md
new file mode 100644
index 00000000..a663606b
--- /dev/null
+++ b/docs/advisories/20240208002-VMware-Releases-Security-Advisory-for-Aria-Operations-for-Networks.md
@@ -0,0 +1,26 @@
+# VMware Releases Security Advisory for Aria Operations for Networks - 20240208002
+
+## Overview
+
+VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
+
+## What is vulnerable?
+
+| Product(s) Affected | Summary | Severity     | CVSS |
+| ------------------- | ------- | ------------ | ---- |
+| **Aria Operations for Networks** |         | |   |
+|  - Local Privilege Escalation vulnerability (CVE-2024-22237) |         | **High** | 7.8  |
+| - Cross Site Scripting Vulnerability (CVE-2024-22238) |         | **Medium** | 6.4 |
+| - Local Privilege Escalation vulnerability (CVE-2024-22239) |         | **Medium** | 5.3  |
+| - Local File Read vulnerability (CVE-2024-22240) |         | **Medium** | 4.9  |
+
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [VMware Aria Operations for Networks](https://www.vmware.com/security/advisories/VMSA-2024-0002.html)
+
+## Additional References
+
+- [CISA - VMware Releases Security Advisory for Aria Operations for Networks](https://www.cisa.gov/news-events/alerts/2024/02/07/vmware-releases-security-advisory-aria-operations-networks)