Cyber Security News

VMware Aria Automation Flaw Let Hackers Perform SQL Injection Attacks

VMware has released security updates to address a critical SQL injection vulnerability in its Aria Automation product. The vulnerability, tracked as CVE-2024-22280, could allow authenticated attackers to perform unauthorized database operations.

The vulnerability affects VMware Aria Automation version 8.x and VMware Cloud Foundation versions 5.x and 4.x. It carries a CVSS severity score of 8.5 out of 10, indicating its high severity.

According to VMware’s advisory, the issue stems from improper input validation in Aria Automation. An authenticated malicious user could exploit this by entering specially crafted SQL queries to perform unauthorized read and write operations in the database.


Researchers Alexandre Lavoie and Felix Boulet from Quebec’s Centre Gouvernemental de Cyberdéfense (CGCD) privately reported the vulnerability to VMware.

VMware has released patches to address the vulnerability in affected versions. Users are strongly advised to update to the latest versions immediately.

For Aria Automation versions prior to 8.17.0, specific patches are available.

To verify whether a VMware Aria Automation installation is vulnerable to CVE-2024-22280, users can follow these steps:

Check the installed version:

    • Log in to one of the Aria Automation appliances via SSH.
    • Run the command: vracli version patch
    • This displays the current version and patch level.

Compare the version to the affected versions:

    • CVE-2024-22280 affects VMware Aria Automation version 8.x (prior to 8.17.0).
    • Versions 8.17.0 and above are not impacted by this vulnerability.

If running an affected version, check whether the patch is installed:

    • The output of vracli version patch should indicate whether the specific security patch for CVE-2024-22280 is installed.

For VMware Cloud Foundation users:

    • Check whether you are running versions 5.x or 4.x, which are also affected.

If no patch is present and the version is below 8.17.0, the installation is likely vulnerable.

To remediate the vulnerability:

    • For versions 8.17.0 and above: No action is required, as they are not affected.
    • For versions 8.13.0 to 8.16.2: Apply the corresponding patch listed in the VMware knowledge base article.
    • For all affected versions: Consider upgrading to version 8.17.0 or later to resolve the vulnerability.

It is crucial to apply the necessary patches or upgrades as soon as possible, as this SQL injection vulnerability could allow authenticated attackers to perform unauthorized read and write operations in the database.
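The version check above is easy to get wrong by hand across a fleet of appliances (a plain string comparison puts 8.9.0 after 8.17.0, for example). The script below is an added example, not code from the article or from VMware: it implements the decision rule the article states, namely that an 8.x version below 8.17.0 is affected, as a POSIX shell function that can be fed the output of vracli version patch. The exact output format of that command is not shown on the page, so the parser assumes only that the version appears as the first dotted x.y.z token; the sample output strings are constructed. Whether the specific security patch is installed is not modeled, since the page does not show how that appears in the output.

```shell
#!/bin/sh
# Added example (not from the article or VMware). Fixed-version boundary from the advisory text.
FIXED_VERSION="8.17.0"

# vercmp A B: prints -1, 0 or 1 for A<B, A==B, A>B, comparing dotted versions numerically
# so that 8.9.0 sorts before 8.17.0 (a plain string compare would get this wrong).
vercmp() {
  vc_a="$1"; vc_b="$2"; vc_i=1
  while [ "$vc_i" -le 3 ]; do
    vc_x=$(printf '%s' "$vc_a" | cut -d. -f"$vc_i")
    vc_y=$(printf '%s' "$vc_b" | cut -d. -f"$vc_i")
    vc_x=${vc_x:-0}; vc_y=${vc_y:-0}       # missing component counts as 0
    if [ "$vc_x" -lt "$vc_y" ]; then printf '%s\n' -1; return 0; fi
    if [ "$vc_x" -gt "$vc_y" ]; then printf '%s\n' 1; return 0; fi
    vc_i=$((vc_i + 1))
  done
  printf '%s\n' 0
}

# extract_version TEXT: first x.y.z token in TEXT (assumption: the appliance
# output contains the version in that form; format not taken from the page).
extract_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# is_affected VERSION: exit 0 when VERSION is 8.x and below 8.17.0 (the article's rule).
is_affected() {
  case "$1" in
    8.*) [ "$(vercmp "$1" "$FIXED_VERSION")" = "-1" ] ;;
    *)   return 1 ;;
  esac
}

# classify TEXT: AFFECTED, NOT_AFFECTED or UNKNOWN for a captured vracli output.
classify() {
  cl_v=$(extract_version "$1")
  if [ -z "$cl_v" ]; then printf '%s\n' UNKNOWN; return 0; fi
  if is_affected "$cl_v"; then printf '%s\n' AFFECTED; else printf '%s\n' NOT_AFFECTED; fi
}

# Stand-alone usage with constructed sample output (real appliance: classify "$(vracli version patch)").
main() {
  for sample in "Version: 8.16.2" "Version: 8.17.0" "Version: 8.9.0" "no version here"; do
    printf '%-20s -> %s\n' "$sample" "$(classify "$sample")"
  done
}
[ "${NO_MAIN:-}" = "1" ] || main
```

On an affected appliance the script only tells you that the version is in the affected range; the patch-level line of the same command still has to be read to decide whether the CVE-2024-22280 patch is already applied, as the article's third step describes.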


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
