vCenter Server Heap Overflow Vulnerability
CVE-2024-37080

9.8 CRITICAL

Key Information:

Vendor: VMware
CVE Published: 18 June 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

VMware vCenter Server contains a heap overflow vulnerability in its implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server can trigger the flaw by sending a specially crafted network packet. Successful exploitation may result in remote code execution, granting unauthorized access to and control over affected systems. Organizations running vCenter Server should prioritize applying patches and updates to mitigate the risk.

Affected Version(s)

VMware Cloud Foundation 5.x

VMware Cloud Foundation 4.x

VMware vCenter Server 8.0 < 8.0 U2d

News Articles

VMware fixes 2 critical bugs; check if your vCenter Server is affected

The heap overflow flaws affect vSphere and Cloud Foundation and could enable RCE.

7 months ago

Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities

Broadcom, the owner firm of VMware, discloses critical vulnerabilities affecting VMware vCenter Server and the virtualized environment it manages.

7 months ago

VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.

7 months ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved
