Lucene search

VmwareCVE-2024-38813

HistorySep 17, 2024 - 6:15 p.m.

CVE-2024-38813

2024-09-1718:15:04

CWE-273

CWE-250

vmware

web.nvd.nist.gov

vcenter server

privilege escalation

cve-2024-38813

network access

root privileges

crafted network packet

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware vCenter Server",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "8.0 U3b",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0 U3s",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "5.x"
      },
      {
        "status": "affected",
        "version": "4.x"
      }
    ]
  }
]

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-38813