vCenter Server Heap Overflow Vulnerability
Key Information
- Vendor
- VMware
- Status
- Vmware Vcenter Server
- Vmware Cloud Foundation
- Vendor
- CVE Published:
- 17 September 2024
Badges
Summary
CVE-2024-38812 is a critical unauthenticated heap-overflow vulnerability in VMware vCenter Server that may potentially lead to remote code execution. The vulnerability affects vCenter Server versions 8.0 and 7.0, as well as VMware Cloud Foundation versions 5.x and 4.x. There are no known exploitations of this vulnerability in the wild, and VMware has released patches to fix the issue. Organizations are advised to promptly apply the recommended patches to mitigate the risk of exploitation.
Affected Version(s)
VMware vCenter Server < 8.0 U3b
VMware vCenter Server < 7.0 U3s
VMware Cloud Foundation = 5.x
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
PoC Published for VMWare vCenter Server RCE Vulnerability CVE-2024-38812
Security researchers have discovered and detailed a critical remote code execution (RCE) vulnerability in the VMware vCenter Server, identified as CVE-2024-38812.
3 days ago
Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed
6 days ago
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.
1 week ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
Risk change from: null to: 9.8 - (CRITICAL)
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
First article discovered by The Hacker News
Vulnerability published.