April 29, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Around 500 Organizations Compromised by Black Basta Ransomware Globally – Active IOCs
May 13, 2024SideWinder APT Group aka Rattlesnake – Active IOCs
May 13, 2024Around 500 Organizations Compromised by Black Basta Ransomware Globally – Active IOCs
May 13, 2024SideWinder APT Group aka Rattlesnake – Active IOCs
May 13, 2024
Severity
Medium
Analysis Summary
CVE-2024-22266 CVSS:6.5
VMware Avi Load Balancer (formerly VMware NSX Advanced Load Balancer) could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to view cloud connection credentials in plaintext.
CVE-2024-22264 CVSS:7.2
VMware Avi Load Balancer (formerly VMware NSX Advanced Load Balancer) could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to create, modify, execute and delete files as a root user on the host system.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-22266
- CVE-2024-22264
Affected Vendors
VMWare
Affected Products
- VMware Avi Load Balancer 30.0.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.
