Lucene search
HistoryJun 18, 2024 - 6:15 a.m.
CVE-2024-37079
vcenter server
heap-overflow
dcerpc
remote code execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
40.4%
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Affected configurations
Node
vmwarevcenter_serverMatch8.0-
ORvmwarevcenter_serverMatch8.0a
ORvmwarevcenter_serverMatch8.0b
ORvmwarevcenter_serverMatch8.0c
ORvmwarevcenter_serverMatch8.0update1
ORvmwarevcenter_serverMatch8.0update1a
ORvmwarevcenter_serverMatch8.0update1b
ORvmwarevcenter_serverMatch8.0update1c
ORvmwarevcenter_serverMatch8.0update1d
ORvmwarevcenter_serverMatch8.0update2
ORvmwarevcenter_serverMatch8.0update2a
ORvmwarevcenter_serverMatch8.0update2b
ORvmwarevcenter_serverMatch8.0update2c
Node
vmwarevcenter_serverMatch7.0-
ORvmwarevcenter_serverMatch7.0a
ORvmwarevcenter_serverMatch7.0b
ORvmwarevcenter_serverMatch7.0c
ORvmwarevcenter_serverMatch7.0d
ORvmwarevcenter_serverMatch7.0update1
ORvmwarevcenter_serverMatch7.0update1a
ORvmwarevcenter_serverMatch7.0update1c
ORvmwarevcenter_serverMatch7.0update1d
ORvmwarevcenter_serverMatch7.0update2
ORvmwarevcenter_serverMatch7.0update2a
ORvmwarevcenter_serverMatch7.0update2b
ORvmwarevcenter_serverMatch7.0update2c
ORvmwarevcenter_serverMatch7.0update2d
ORvmwarevcenter_serverMatch7.0update3
ORvmwarevcenter_serverMatch7.0update3a
ORvmwarevcenter_serverMatch7.0update3c
ORvmwarevcenter_serverMatch7.0update3d
ORvmwarevcenter_serverMatch7.0update3e
ORvmwarevcenter_serverMatch7.0update3f
ORvmwarevcenter_serverMatch7.0update3g
ORvmwarevcenter_serverMatch7.0update3h
ORvmwarevcenter_serverMatch7.0update3i
ORvmwarevcenter_serverMatch7.0update3j
ORvmwarevcenter_serverMatch7.0update3k
ORvmwarevcenter_serverMatch7.0update3l
ORvmwarevcenter_serverMatch7.0update3m
ORvmwarevcenter_serverMatch7.0update3n
ORvmwarevcenter_serverMatch7.0update3o
ORvmwarevcenter_serverMatch7.0update3p
Node
vmwarevcenter_serverMatch7.0-
ORvmwarevcenter_serverMatch7.0a
ORvmwarevcenter_serverMatch7.0b
ORvmwarevcenter_serverMatch7.0c
ORvmwarevcenter_serverMatch7.0d
ORvmwarevcenter_serverMatch7.0update1
ORvmwarevcenter_serverMatch7.0update1a
ORvmwarevcenter_serverMatch7.0update1c
ORvmwarevcenter_serverMatch7.0update1d
ORvmwarevcenter_serverMatch7.0update2
ORvmwarevcenter_serverMatch7.0update2a
ORvmwarevcenter_serverMatch7.0update2b
ORvmwarevcenter_serverMatch7.0update2c
ORvmwarevcenter_serverMatch7.0update2d
ORvmwarevcenter_serverMatch7.0update3
ORvmwarevcenter_serverMatch7.0update3a
ORvmwarevcenter_serverMatch7.0update3c
ORvmwarevcenter_serverMatch7.0update3d
ORvmwarevcenter_serverMatch7.0update3e
ORvmwarevcenter_serverMatch7.0update3f
ORvmwarevcenter_serverMatch7.0update3g
ORvmwarevcenter_serverMatch7.0update3h
ORvmwarevcenter_serverMatch7.0update3i
ORvmwarevcenter_serverMatch7.0update3j
ORvmwarevcenter_serverMatch7.0update3k
ORvmwarevcenter_serverMatch7.0update3l
ORvmwarevcenter_serverMatch7.0update3m
ORvmwarevcenter_serverMatch7.0update3n
ORvmwarevcenter_serverMatch7.0update3o
ORvmwarevcenter_serverMatch7.0update3p
ORvmwarevcenter_serverMatch8.0-
ORvmwarevcenter_serverMatch8.0a
ORvmwarevcenter_serverMatch8.0b
ORvmwarevcenter_serverMatch8.0c
ORvmwarevcenter_serverMatch8.0update1
ORvmwarevcenter_serverMatch8.0update1a
ORvmwarevcenter_serverMatch8.0update1b
ORvmwarevcenter_serverMatch8.0update1c
ORvmwarevcenter_serverMatch8.0update1d
ORvmwarevcenter_serverMatch8.0update2
ORvmwarevcenter_serverMatch8.0update2a
ORvmwarevcenter_serverMatch8.0update2b
ORvmwarevcenter_serverMatch8.0update2c
vmwarecloud_foundationRange4.0–5.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:* |
| vmware | vcenter_server | 8.0 | cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-37079
2024-06-18 05:43:06
cve
cve
CVE-2024-37079
2024-06-18 06:15:11
cvelist
cvelist
CVE-2024-37079
2024-06-18 05:43:06
hackread
hackread
nessus
nessus
thn
thn
VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
2024-06-18 08:24:00
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
2024-09-18 05:08:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
40.4%
Related for NVD:CVE-2024-37079