vCenter Server Heap Overflow Vulnerability

CVE-2024-38812

9.8CRITICAL

Key Information

Vendor: VMware
Status: Vmware Vcenter Server; Vmware Cloud Foundation
Vendor: CVE Published:; 17 September 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

CVE-2024-38812 is a critical unauthenticated heap-overflow vulnerability in VMware vCenter Server that may potentially lead to remote code execution. The vulnerability affects vCenter Server versions 8.0 and 7.0, as well as VMware Cloud Foundation versions 5.x and 4.x. There are no known exploitations of this vulnerability in the wild, and VMware has released patches to fix the issue. Organizations are advised to promptly apply the recommended patches to mitigate the risk of exploitation.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38812 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

VMware vCenter Server < 8.0 U3b

VMware vCenter Server < 7.0 U3s

VMware Cloud Foundation = 5.x

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-38812-POC-5-Hands-Private
Created by groshi

News Articles

Techzine Europe

CVE-2024-38812

Previously patched vCenter vulnerabilities actively exploited

These vulnerabilities, which enable remote code execution and privilege escalation, were supposedly fixed in September.

2 days ago

CybersecurityNews

CVE-2024-38812

VMware vCenter Server RCE Vulnerability Actively Exploited in Attacks

Broadcom has issued an urgent warning that two critical vulnerabilities in VMware vCenter Server are now being actively exploited in the wild.

2 days ago

BleepingComputer

CVE-2024-38812CVE-2024-38813

Critical RCE bug in VMware vCenter Server now exploited in attacks

Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw.

3 days ago

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit exists.
Nov 21, 2024
Risk change from: null to: 9.8 - (CRITICAL)
Sep 19, 2024
🔥
Vulnerability reached the number 1 worldwide trending spot.
Sep 18, 2024
Vulnerability started trending.
Sep 18, 2024
First article discovered by The Hacker News
Sep 18, 2024
Vulnerability published.
Sep 17, 2024

Collectors

NVD DatabaseMitre DatabaseCISA Database1 Proof of Concept(s)13 News Article(s)