CVE-2024-22274

Summary

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server8.0 < 8.0 U2baffected
n/aVMware vCenter Server7.0 < 7.0 U3qaffected
n/aVMware Cloud Foundation (vCenter Server)5.x < 5.1.1affected
n/aVMware Cloud Foundation (vCenter Server)4.xaffected

Weaknesses

  • Authenticated remote-code execution vulnerability

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References