CVE-2024-38813

Summary

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server8.0 < 8.0 U3baffected
n/aVMware vCenter Server7.0 < 7.0 U3saffected
n/aVMware Cloud Foundation5.xaffected
n/aVMware Cloud Foundation4.xaffected

Weaknesses

  • CWE-273: CWE-273 Improper Check for Dropped Privileges
  • CWE-250: CWE-250

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References