Search criteria
237 vulnerabilities found for vcenter_server by vmware
FKIE_CVE-2024-38813
Vulnerability from fkie_nvd - Published: 2024-09-17 18:15 - Updated: 2025-10-31 15:56
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
References
Impacted products
{
"cisaActionDue": "2024-12-11",
"cisaExploitAdd": "2024-11-20",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware vCenter Server Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:*",
"matchCriteriaId": "8002080A-D384-4CE4-B9FC-1C6C89BA756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3r:*:*:*:*:*:*",
"matchCriteriaId": "0538B0F0-664C-425E-AF90-7F46CAC3D842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3s:*:*:*:*:*:*",
"matchCriteriaId": "AB7595CC-5C3A-40AB-B679-AFC12CEC77A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "89D5A7F9-3183-4EE7-828C-13BB9169E199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de escalada de privilegios. Un actor malintencionado con acceso de red al servidor vCenter puede activar esta vulnerabilidad para escalar privilegios a la ra\u00edz mediante el env\u00edo de un paquete de red especialmente manipulado."
}
],
"id": "CVE-2024-38813",
"lastModified": "2025-10-31T15:56:53.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T18:15:04.127",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
},
{
"lang": "en",
"value": "CWE-273"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-273"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-38812
Vulnerability from fkie_nvd - Published: 2024-09-17 18:15 - Updated: 2025-10-31 15:57
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
{
"cisaActionDue": "2024-12-11",
"cisaExploitAdd": "2024-11-20",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware vCenter Server Heap-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:*",
"matchCriteriaId": "8002080A-D384-4CE4-B9FC-1C6C89BA756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3r:*:*:*:*:*:*",
"matchCriteriaId": "0538B0F0-664C-425E-AF90-7F46CAC3D842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3s:*:*:*:*:*:*",
"matchCriteriaId": "AB7595CC-5C3A-40AB-B679-AFC12CEC77A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "89D5A7F9-3183-4EE7-828C-13BB9169E199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de desbordamiento de pila en la implementaci\u00f3n del protocolo DCERPC. Un agente malintencionado con acceso de red al vCenter Server puede desencadenar esta vulnerabilidad enviando un paquete de red especialmente manipulado que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2024-38812",
"lastModified": "2025-10-31T15:57:11.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T18:15:03.920",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-37087
Vulnerability from fkie_nvd - Published: 2024-06-25 15:15 - Updated: 2025-06-27 13:39
Severity ?
Summary
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "89D5A7F9-3183-4EE7-828C-13BB9169E199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability.\u00a0A malicious actor with network access to vCenter Server may create a denial-of-service condition."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de denegaci\u00f3n de servicio. Un actor malintencionado con acceso a la red de vCenter Server puede crear una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2024-37087",
"lastModified": "2025-06-27T13:39:54.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2024-06-25T15:15:12.767",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-37080
Vulnerability from fkie_nvd - Published: 2024-06-18 06:15 - Updated: 2025-03-13 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de desbordamiento de mont\u00f3n en la implementaci\u00f3n del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar esta vulnerabilidad al enviar un paquete de red especialmente manipulado que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2024-37080",
"lastModified": "2025-03-13T15:15:45.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-18T06:15:11.640",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-37081
Vulnerability from fkie_nvd - Published: 2024-06-18 06:15 - Updated: 2025-06-20 19:08
Severity ?
Summary
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:*",
"matchCriteriaId": "8002080A-D384-4CE4-B9FC-1C6C89BA756C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance."
},
{
"lang": "es",
"value": "vCenter Server contiene m\u00faltiples vulnerabilidades de escalada de privilegios locales debido a una mala configuraci\u00f3n de sudo. Un usuario local autenticado con privilegios no administrativos puede aprovechar estos problemas para elevar los privilegios a root en vCenter Server Appliance."
}
],
"id": "CVE-2024-37081",
"lastModified": "2025-06-20T19:08:08.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2024-06-18T06:15:11.900",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-556"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-37079
Vulnerability from fkie_nvd - Published: 2024-06-18 06:15 - Updated: 2025-03-14 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de desbordamiento de mont\u00f3n en la implementaci\u00f3n del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar esta vulnerabilidad al enviar un paquete de red especialmente manipulado que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2024-37079",
"lastModified": "2025-03-14T14:15:16.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-18T06:15:11.350",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-22274
Vulnerability from fkie_nvd - Published: 2024-05-21 18:15 - Updated: 2025-06-27 13:37
Severity ?
Summary
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6C5CFA-E78F-46EA-B8E0-8AE2A29C9586",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an authenticated remote code execution vulnerability.\u00a0A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system."
},
{
"lang": "es",
"value": " vCenter Server contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticado. Un actor malintencionado con privilegios administrativos en el shell del dispositivo vCenter puede aprovechar este problema para ejecutar comandos arbitrarios en el sistema operativo subyacente."
}
],
"id": "CVE-2024-22274",
"lastModified": "2025-06-27T13:37:52.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2024-05-21T18:15:09.190",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-22275
Vulnerability from fkie_nvd - Published: 2024-05-21 18:15 - Updated: 2025-06-27 13:38
Severity ?
Summary
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6C5CFA-E78F-46EA-B8E0-8AE2A29C9586",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a partial file read vulnerability.\u00a0A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data."
},
{
"lang": "es",
"value": " vCenter Server contiene una vulnerabilidad de lectura parcial de archivos. Un actor malintencionado con privilegios administrativos en el shell del dispositivo vCenter puede aprovechar este problema para leer parcialmente archivos arbitrarios que contengan datos confidenciales."
}
],
"id": "CVE-2024-22275",
"lastModified": "2025-06-27T13:38:06.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2024-05-21T18:15:09.383",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-34048
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2025-10-30 19:52
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"cisaActionDue": "2024-02-12",
"cisaExploitAdd": "2024-01-22",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware vCenter Server Out-of-Bounds Write Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "561A702A-DB0C-4E67-AF6C-9994B99DA56C",
"versionEndIncluding": "5.5",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de escritura fuera de los l\u00edmites en la implementaci\u00f3n del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los l\u00edmites que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2023-34048",
"lastModified": "2025-10-30T19:52:27.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:27.897",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-34056
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 08:06
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "561A702A-DB0C-4E67-AF6C-9994B99DA56C",
"versionEndIncluding": "5.5",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains a partial information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n parcial de informaci\u00f3n. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados."
}
],
"id": "CVE-2023-34056",
"lastModified": "2024-11-21T08:06:29.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:27.953",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2024-38813 (GCVE-0-2024-38813)
Vulnerability from cvelistv5 – Published: 2024-09-17 17:13 – Updated: 2025-10-21 22:55
VLAI?
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U3b
(custom)
Affected: 7.0 , < 7.0 U3s (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38813",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:18:12.716736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38813 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains a privilege escalation vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273 Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:13.924Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38813",
"datePublished": "2024-09-17T17:13:13.924Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38812 (GCVE-0-2024-38812)
Vulnerability from cvelistv5 – Published: 2024-09-17 17:13 – Updated: 2025-10-21 22:55
VLAI?
Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U3b
(custom)
Affected: 7.0 , < 7.0 U3s (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38812",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:17:18.904501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38812 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDCERPC protocol\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:09.778Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38812",
"datePublished": "2024-09-17T17:13:09.778Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37087 (GCVE-0-2024-37087)
Vulnerability from cvelistv5 – Published: 2024-06-25 14:16 – Updated: 2024-10-31 13:19
VLAI?
Summary
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
Severity ?
5.3 (Medium)
CWE
- Denial-of-service vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | vCenter Server |
Affected:
8.0 , < 8.0 U3
(custom)
Affected: 7.0 , < 7.0 U3q (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T19:44:32.514057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:19:28.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3q",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-25T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vCenter Server contains a denial-of-service vulnerability.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eA malicious actor with network access to vCenter Server may create a denial-of-service condition.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a denial-of-service vulnerability.\u00a0A malicious actor with network access to vCenter Server may create a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:16:13.273Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37087",
"datePublished": "2024-06-25T14:16:13.273Z",
"dateReserved": "2024-06-03T05:40:17.632Z",
"dateUpdated": "2024-10-31T13:19:28.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37081 (GCVE-0-2024-37081)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:43 – Updated: 2024-08-02 03:43
VLAI?
Summary
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Severity ?
7.8 (High)
CWE
- Local privilege escalation vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2d
(custom)
Affected: 7.0 , < 7.0 U3r (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0u2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0u3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37081",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-556",
"description": "CWE-556 ASP.NET Misconfiguration: Use of Identity Impersonation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T03:55:32.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eAn authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local privilege escalation vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:20.580Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37081",
"datePublished": "2024-06-18T05:43:20.580Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2024-08-02T03:43:50.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37080 (GCVE-0-2024-37080)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:43 – Updated: 2025-03-13 14:42
VLAI?
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- Heap-overflow vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2d
(custom)
Affected: 8.0 , < 8.0 U1e (custom) Affected: 7.0 , < 7.0 U3r (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0u2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0u1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0u3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T03:55:59.700292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T14:42:40.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. \u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:10.901Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37080",
"datePublished": "2024-06-18T05:43:10.901Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2025-03-13T14:42:40.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37079 (GCVE-0-2024-37079)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:43 – Updated: 2025-03-14 13:36
VLAI?
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- Heap-overflow vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2d
(custom)
Affected: 8.0 , < 8.0 U1e (custom) Affected: 7.0 , < 7.0 U3r (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37079",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T03:55:58.515986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T13:36:56.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:51.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. \u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:06.619Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37079",
"datePublished": "2024-06-18T05:43:06.619Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2025-03-14T13:36:56.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22275 (GCVE-0-2024-22275)
Vulnerability from cvelistv5 – Published: 2024-05-21 17:29 – Updated: 2025-03-27 19:25
VLAI?
Summary
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
Severity ?
4.9 (Medium)
CWE
- Partial file read vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2b
(custom)
Affected: 7.0 , < 7.0 U3q (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T19:06:55.459940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:25:13.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3q",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains a partial file read vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a partial file read vulnerability.\u00a0A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Partial file read vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T17:29:45.562Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22275",
"datePublished": "2024-05-21T17:29:45.562Z",
"dateReserved": "2024-01-08T18:43:18.958Z",
"dateUpdated": "2025-03-27T19:25:13.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22274 (GCVE-0-2024-22274)
Vulnerability from cvelistv5 – Published: 2024-05-21 17:29 – Updated: 2024-08-01 22:43
VLAI?
Summary
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
Severity ?
7.2 (High)
CWE
- Authenticated remote-code execution vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2b
(custom)
Affected: 7.0 , < 7.0 U3q (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:5*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "5*"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:4*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "4*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T03:55:31.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3q",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains an authenticated remote code execution vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains an authenticated remote code execution vulnerability.\u00a0A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated remote-code execution vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T17:29:33.899Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22274",
"datePublished": "2024-05-21T17:29:33.899Z",
"dateReserved": "2024-01-08T18:43:18.957Z",
"dateUpdated": "2024-08-01T22:43:34.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34056 (GCVE-0-2023-34056)
Vulnerability from cvelistv5 – Published: 2023-10-25 04:24 – Updated: 2024-10-29 18:28
VLAI?
Summary
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Severity ?
4.3 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware vCenter Server |
Affected:
8.0 , < 8.0U2
(8.0U2)
Affected: 7.0 , < 7.0U3o (7.0U3o) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:12:23.418110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T18:28:23.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "8.0U2"
},
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "7.0U3o"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware Cloud Foundation (VMware vCenter Server)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2023-10-25T03:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "vCenter Server contains a partial information disclosure vulnerability.\u0026nbsp;A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
}
],
"value": "vCenter Server contains a partial information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T04:24:47.707Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware vCenter Server Partial Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34056",
"datePublished": "2023-10-25T04:24:47.707Z",
"dateReserved": "2023-05-25T17:21:56.203Z",
"dateUpdated": "2024-10-29T18:28:23.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34048 (GCVE-0-2023-34048)
Vulnerability from cvelistv5 – Published: 2023-10-25 04:21 – Updated: 2025-10-21 23:05
VLAI?
Summary
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware vCenter Server |
Affected:
8.0 , < 8.0U2
(8.0U2)
Affected: 7.0 , < 7.0U3o (7.0U3o) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "KB88287",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "KB88287",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34048",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T16:43:59.468773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:33.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00+00:00",
"value": "CVE-2023-34048 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:47:56.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"url": "https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "8.0U2"
},
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "7.0U3o"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware Cloud Foundation (VMware vCenter Server)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2023-10-25T03:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u0026nbsp;A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
}
],
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T04:21:42.267Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware vCenter Server Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34048",
"datePublished": "2023-10-25T04:21:42.267Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2025-10-21T23:05:33.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38813 (GCVE-0-2024-38813)
Vulnerability from nvd – Published: 2024-09-17 17:13 – Updated: 2025-10-21 22:55
VLAI?
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U3b
(custom)
Affected: 7.0 , < 7.0 U3s (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38813",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:18:12.716736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38813 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains a privilege escalation vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273 Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:13.924Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38813",
"datePublished": "2024-09-17T17:13:13.924Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38812 (GCVE-0-2024-38812)
Vulnerability from nvd – Published: 2024-09-17 17:13 – Updated: 2025-10-21 22:55
VLAI?
Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U3b
(custom)
Affected: 7.0 , < 7.0 U3s (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38812",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:17:18.904501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38812 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDCERPC protocol\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:09.778Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38812",
"datePublished": "2024-09-17T17:13:09.778Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37087 (GCVE-0-2024-37087)
Vulnerability from nvd – Published: 2024-06-25 14:16 – Updated: 2024-10-31 13:19
VLAI?
Summary
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
Severity ?
5.3 (Medium)
CWE
- Denial-of-service vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | vCenter Server |
Affected:
8.0 , < 8.0 U3
(custom)
Affected: 7.0 , < 7.0 U3q (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T19:44:32.514057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:19:28.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3q",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-25T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vCenter Server contains a denial-of-service vulnerability.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eA malicious actor with network access to vCenter Server may create a denial-of-service condition.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a denial-of-service vulnerability.\u00a0A malicious actor with network access to vCenter Server may create a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:16:13.273Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37087",
"datePublished": "2024-06-25T14:16:13.273Z",
"dateReserved": "2024-06-03T05:40:17.632Z",
"dateUpdated": "2024-10-31T13:19:28.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37081 (GCVE-0-2024-37081)
Vulnerability from nvd – Published: 2024-06-18 05:43 – Updated: 2024-08-02 03:43
VLAI?
Summary
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Severity ?
7.8 (High)
CWE
- Local privilege escalation vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2d
(custom)
Affected: 7.0 , < 7.0 U3r (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0u2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0u3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37081",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-556",
"description": "CWE-556 ASP.NET Misconfiguration: Use of Identity Impersonation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T03:55:32.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eAn authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local privilege escalation vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:20.580Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37081",
"datePublished": "2024-06-18T05:43:20.580Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2024-08-02T03:43:50.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37080 (GCVE-0-2024-37080)
Vulnerability from nvd – Published: 2024-06-18 05:43 – Updated: 2025-03-13 14:42
VLAI?
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- Heap-overflow vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2d
(custom)
Affected: 8.0 , < 8.0 U1e (custom) Affected: 7.0 , < 7.0 U3r (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0u2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0u1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0u3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T03:55:59.700292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T14:42:40.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. \u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:10.901Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37080",
"datePublished": "2024-06-18T05:43:10.901Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2025-03-13T14:42:40.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37079 (GCVE-0-2024-37079)
Vulnerability from nvd – Published: 2024-06-18 05:43 – Updated: 2025-03-14 13:36
VLAI?
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- Heap-overflow vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2d
(custom)
Affected: 8.0 , < 8.0 U1e (custom) Affected: 7.0 , < 7.0 U3r (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37079",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T03:55:58.515986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T13:36:56.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:51.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. \u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:06.619Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37079",
"datePublished": "2024-06-18T05:43:06.619Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2025-03-14T13:36:56.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22275 (GCVE-0-2024-22275)
Vulnerability from nvd – Published: 2024-05-21 17:29 – Updated: 2025-03-27 19:25
VLAI?
Summary
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
Severity ?
4.9 (Medium)
CWE
- Partial file read vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2b
(custom)
Affected: 7.0 , < 7.0 U3q (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T19:06:55.459940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:25:13.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3q",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains a partial file read vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a partial file read vulnerability.\u00a0A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Partial file read vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T17:29:45.562Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22275",
"datePublished": "2024-05-21T17:29:45.562Z",
"dateReserved": "2024-01-08T18:43:18.958Z",
"dateUpdated": "2025-03-27T19:25:13.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22274 (GCVE-0-2024-22274)
Vulnerability from nvd – Published: 2024-05-21 17:29 – Updated: 2024-08-01 22:43
VLAI?
Summary
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
Severity ?
7.2 (High)
CWE
- Authenticated remote-code execution vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server |
Affected:
8.0 , < 8.0 U2b
(custom)
Affected: 7.0 , < 7.0 U3q (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:5*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "5*"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:4*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "4*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T03:55:31.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3q",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains an authenticated remote code execution vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains an authenticated remote code execution vulnerability.\u00a0A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated remote-code execution vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T17:29:33.899Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22274",
"datePublished": "2024-05-21T17:29:33.899Z",
"dateReserved": "2024-01-08T18:43:18.957Z",
"dateUpdated": "2024-08-01T22:43:34.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34056 (GCVE-0-2023-34056)
Vulnerability from nvd – Published: 2023-10-25 04:24 – Updated: 2024-10-29 18:28
VLAI?
Summary
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Severity ?
4.3 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware vCenter Server |
Affected:
8.0 , < 8.0U2
(8.0U2)
Affected: 7.0 , < 7.0U3o (7.0U3o) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:12:23.418110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T18:28:23.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "8.0U2"
},
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "7.0U3o"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware Cloud Foundation (VMware vCenter Server)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2023-10-25T03:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "vCenter Server contains a partial information disclosure vulnerability.\u0026nbsp;A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
}
],
"value": "vCenter Server contains a partial information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T04:24:47.707Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware vCenter Server Partial Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34056",
"datePublished": "2023-10-25T04:24:47.707Z",
"dateReserved": "2023-05-25T17:21:56.203Z",
"dateUpdated": "2024-10-29T18:28:23.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34048 (GCVE-0-2023-34048)
Vulnerability from nvd – Published: 2023-10-25 04:21 – Updated: 2025-10-21 23:05
VLAI?
Summary
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware vCenter Server |
Affected:
8.0 , < 8.0U2
(8.0U2)
Affected: 7.0 , < 7.0U3o (7.0U3o) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "KB88287",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "KB88287",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34048",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T16:43:59.468773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:33.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00+00:00",
"value": "CVE-2023-34048 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:47:56.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"url": "https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "8.0U2"
},
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "7.0U3o"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware Cloud Foundation (VMware vCenter Server)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2023-10-25T03:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u0026nbsp;A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
}
],
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T04:21:42.267Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware vCenter Server Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34048",
"datePublished": "2023-10-25T04:21:42.267Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2025-10-21T23:05:33.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}