vCenter Server Heap Overflow Vulnerability
Key Information
- Vendor
- VMware
- Status
- Vmware Vcenter Server
- Vmware Cloud Foundation
- Vendor
- CVE Published:
- 18 June 2024
Badges
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Affected Version(s)
VMware vCenter Server < 8.0 U2d
VMware vCenter Server < 8.0 U1e
VMware vCenter Server < 7.0 U3r
News Articles
VMware fixes 2 critical bugs; check if your vCenter Server is affected
The heap overflow flaws affect vSphere and Cloud Foundation and could enable RCE.
4 months ago
Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities
Broadcom, the owner firm of VMware, discloses critical vulnerabilities affecting VMware vCenter Server and the virtualized environment it manages.
4 months ago
VMware fixes critical vCenter RCE vulnerability, patch now
VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.
4 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
First article discovered by CybersecurityNews
Vulnerability published.
Vulnerability Reserved.