CVE-2024-38812 Heap-overflow vulnerability

2024-09-1717:13:09

CWE-122

vmware

www.cve.org

cve-2024-38812

vcenter server

heap-overflow

dcerpc protocol

network access

remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware vCenter Server",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "8.0 U3b",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0 U3s",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "5.x"
      },
      {
        "status": "affected",
        "version": "4.x"
      }
    ]
  }
]