vCenter Server Heap Overflow Vulnerability

CVE-2024-37080

9.8CRITICAL

Key Information

Vendor: VMware
Status: Vmware Vcenter Server; Vmware Cloud Foundation
Vendor: CVE Published:; 18 June 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Affected Version(s)

VMware vCenter Server < 8.0 U2d

VMware vCenter Server < 8.0 U1e

VMware vCenter Server < 7.0 U3r

News Articles

SC Media

CVE-2024-37079CVE-2024-37080

VMware fixes 2 critical bugs; check if your vCenter Server is affected

The heap overflow flaws affect vSphere and Cloud Foundation and could enable RCE.

6 months ago

Hackread

CVE-2024-37080CVE-2024-37079

Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities

Broadcom, the owner firm of VMware, discloses critical vulnerabilities affecting VMware vCenter Server and the virtualized environment it manages.

6 months ago

BleepingComputer

CVE-2024-37079CVE-2024-37080

VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.

6 months ago

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 31, 2024
First article discovered by CybersecurityNews
Jun 18, 2024
Vulnerability published.
Jun 18, 2024
Vulnerability Reserved.
Jun 3, 2024

Collectors

NVD DatabaseMitre Database6 News Article(s)