vCenter Server Heap Overflow Vulnerability

CVE-2024-38812
9.8CRITICAL

Key Information

Vendor
VMware
Status
Vmware Vcenter Server
Vmware Cloud Foundation
Vendor
CVE Published:
17 September 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

CVE-2024-38812 is a critical unauthenticated heap-overflow vulnerability in VMware vCenter Server that may potentially lead to remote code execution. The vulnerability affects vCenter Server versions 8.0 and 7.0, as well as VMware Cloud Foundation versions 5.x and 4.x. There are no known exploitations of this vulnerability in the wild, and VMware has released patches to fix the issue. Organizations are advised to promptly apply the recommended patches to mitigate the risk of exploitation.

Affected Version(s)

VMware vCenter Server < 8.0 U3b

VMware vCenter Server < 7.0 U3s

VMware Cloud Foundation = 5.x

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • Risk change from: null to: 9.8 - (CRITICAL)

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by The Hacker News

  • Vulnerability published.

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)9 News Article(s)
.