Vulnerability discovered in VMware Avi Load Balancer could allow hackers to gain access to databases
This vulnerability allows attackers with specific capabilities to execute specially crafted SQL queries and gain unauthorized access to the database. It has been classified as a “Critical” security issue with a CVSSv3 score of 8.6.
The vulnerability stems from improper input sanitization in the VMware Avi Load Balancer system. The flaw can be exploited without authentication (no password or user account is required). A successful attacker could gain access to the database and extract, modify, or delete its data, which could lead to serious data breaches and other security risks for organizations.
Broadcom has released patches to address this vulnerability for all affected versions. Below is a list of affected and fixed versions:
| Product | Affected Versions | Fixed Versions |
|---|---|---|
| VMware Avi Load Balancer | 30.1.1 | 30.1.2-2p2 |
| VMware Avi Load Balancer | 30.1.2 | 30.1.2-2p2 |
| VMware Avi Load Balancer | 30.2.1 | 30.2.1-2p5 |
| VMware Avi Load Balancer | 30.2.2 | 30.2.2-2p2 |
There is no available workaround for this vulnerability, so it is strongly recommended to apply the updates immediately.
What Should Organizations Using VMware Avi Load Balancer Do?
✅ Identify affected versions: Check whether your system is running one of the affected versions listed above and schedule the update.
✅ Apply patches: Install the fixed versions listed above without delay.
✅ Monitor network activity: Watch continuously for suspicious activity and attack attempts against the load balancer and the database behind it.
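As an added example (not from the original article or from Broadcom), the small triage helper below encodes the affected/fixed table from this page so an inventory of Avi Load Balancer version strings can be checked in bulk. It assumes Avi version strings look like the ones in the table (`30.2.1-2p5`), that a base release with no `-NpM` suffix sorts below any patch of that base, and that patches of one base order numerically; a release line the table does not mention is reported as `unlisted` rather than assumed safe.

```python
import re
from typing import Tuple

# Affected -> fixed versions, copied from the advisory table on this page.
ADVISORY_TABLE = {
    "30.1.1": "30.1.2-2p2",
    "30.1.2": "30.1.2-2p2",
    "30.2.1": "30.2.1-2p5",
    "30.2.2": "30.2.2-2p2",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")


def parse_version(text: str) -> Tuple[Tuple[int, int, int], Tuple[int, int]]:
    """Split '30.2.1-2p5' into base (30, 2, 1) and patch suffix (2, 5).

    Assumption (not stated in the advisory): a plain base such as '30.2.1'
    sorts below any '-NpM' patch of the same base, and patches of one base
    order numerically by (N, M).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Avi version string: {text!r}")
    major, minor, patch, build, hotfix = m.groups()
    base = (int(major), int(minor), int(patch))
    suffix = (int(build), int(hotfix)) if build is not None else (0, 0)
    return base, suffix


def assess(installed: str) -> str:
    """Return 'affected', 'fixed' or 'unlisted' for an installed version."""
    base, suffix = parse_version(installed)
    base_str = ".".join(map(str, base))
    fixed_for = ADVISORY_TABLE.get(base_str)
    if fixed_for is None:
        # The advisory table says nothing about this release line; do not
        # assume it is safe, check the vendor advisory for it instead.
        return "unlisted"
    fixed_base, fixed_suffix = parse_version(fixed_for)
    if base == fixed_base and suffix >= fixed_suffix:
        return "fixed"
    # Either an older base (30.1.1 must move to 30.1.2-2p2) or a patch
    # level below the fixed one for the same base.
    return "affected"
```

Run `assess()` over each appliance's reported version; anything returned as `affected` belongs on the patch list from the table above.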
This VMware Avi Load Balancer vulnerability presents a serious security threat. If system administrators fail to apply the updates in time, organizations may face unauthorized access, data breaches, and other severe consequences. It is crucial to take the recommended mitigation steps immediately.