CVE-2024-37080

2024-06-1806:15:11

[email protected]

web.nvd.nist.gov

105

vcenter server

heap-overflow

dcerpc

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware vCenter Server",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "8.0 U2d",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.0 U1e",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0 U3r",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "5.x"
      },
      {
        "status": "affected",
        "version": "4.x"
      }
    ]
  }
]