CVE-2024-37081

Summary

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server8.0 < 8.0 U2daffected
n/aVMware vCenter Server7.0 < 7.0 U3raffected
n/aVMware Cloud Foundation5.xaffected
n/aVMware Cloud Foundation4.xaffected

Weaknesses

  • Local privilege escalation vulnerability

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References