Understanding VMware Avi Load Balancer Vulnerabilities

May 9, 2024

In recent security advisories, VMware has disclosed that Avi Load Balancer contains vulnerabilities that could compromise system security. Two specific vulnerabilities have been highlighted:


### CVE-2024-22266: Information Disclosure Vulnerability

This vulnerability allows a malicious actor with access to the system logs to view cloud connection credentials in plaintext, which could lead to unauthorized access to sensitive cloud resources. VMware rates this vulnerability as medium severity, with a CVSS Base Score of 6.5[6].


### CVE-2024-22264: Privilege Escalation Vulnerability

The second vulnerability is a privilege escalation: an attacker who already holds admin privileges on VMware Avi Load Balancer can create, modify, execute, and delete files as the root user on the host system. VMware rates this vulnerability as high severity, with a CVSS Base Score of 7.2[6].


### Mitigation and Recommendations

Given the severity of these vulnerabilities, system administrators should act immediately to secure their systems. Patches are not yet available, and VMware is actively working on fixes. In the meantime, the recommended steps to reduce the risk are restricting access to system logs, limiting administrative privileges, and closely monitoring system activity.


Citations:

[1] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219

[2] https://avd.aliyun.com/nvd/list?page=-65

[3] https://avinetworks.com/docs/latest/security-advisory-notice/

[4] https://blogs.vmware.com/security/2023/10/cve-2023-44487.html

[5] https://rudimartinsen.com/2021/12/22/detecting-and-preventing-log4j-with-avi/

[6] https://blogs.vmware.com/cloud/2020/01/14/avi-vantage-load-balancing-three-tier-apps/

Crow

physics, information technologies, author, educator
