CVE-2024-38813
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware vCenter Server | 8.0 < 8.0 U3b | affected |
| n/a | VMware vCenter Server | 7.0 < 7.0 U3s | affected |
| n/a | VMware Cloud Foundation | 5.x | affected |
| n/a | VMware Cloud Foundation | 4.x | affected |
Weaknesses
- CWE-273: CWE-273 Improper Check for Dropped Privileges
- CWE-250: CWE-250
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.