VMware vCenter Server Remote Code Execution Vulnerability
CVE-2024-22274

7.2 HIGH

Badges

👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

Summary

CVE-2024-22274 affects VMware vCenter Server and allows a malicious actor with administrative privileges to run arbitrary commands on the underlying operating system. The vulnerability has been exploited, and a proof-of-concept (PoC) exploit has been released, potentially allowing remote code execution. This poses a serious risk because it can give attackers full control of the affected system. The vulnerability affects specific API components, and arbitrary commands can be executed with root privileges. VMware recommends applying updates to the affected deployments and emphasizes the importance of maintaining up-to-date security measures in virtualization environments. No workarounds are currently available, so organizations are urged to assess their systems and apply the necessary updates to mitigate the risk of exploitation.

Affected Version(s)

VMware Cloud Foundation (vCenter Server) 5.x < 5.1.1

VMware Cloud Foundation (vCenter Server) 4.x

VMware vCenter Server 8.0 < 8.0 U2b

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CVE-2024-22274 | AttackerKB

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance she…

6 months ago

The PoC exploit for the VMware vCenter Server RCE is now available online!

The public exploit for the VMware vCenter RCE, which runs arbitrary commands with root privileges, is available.

6 months ago

PoC Exploit Released for VMware vCenter Server RCE Vulnerability

A proof-of-concept (PoC) exploit has been released for a critical vulnerability in the VMware vCenter Server, potentially allowing authenticated remote code execution.

6 months ago

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by CybersecurityNews
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved