9.8
CVE-2024-37079
- EPSS 79.31%
- Veröffentlicht 18.06.2024 06:15:11
- Zuletzt bearbeitet 26.01.2026 14:52:05
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
LoginvCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 4.0 < 5.2
VMware ≫ vCenter Server Version8.0 Update-
VMware ≫ vCenter Server Version8.0 Updatea
VMware ≫ vCenter Server Version8.0 Updateb
VMware ≫ vCenter Server Version8.0 Updatec
VMware ≫ vCenter Server Version8.0 Updateupdate1
VMware ≫ vCenter Server Version8.0 Updateupdate1a
VMware ≫ vCenter Server Version8.0 Updateupdate1b
VMware ≫ vCenter Server Version8.0 Updateupdate1c
VMware ≫ vCenter Server Version8.0 Updateupdate1d
VMware ≫ vCenter Server Version8.0 Updateupdate2
VMware ≫ vCenter Server Version8.0 Updateupdate2a
VMware ≫ vCenter Server Version8.0 Updateupdate2b
VMware ≫ vCenter Server Version8.0 Updateupdate2c
VMware ≫ vCenter Server Version7.0 Update-
VMware ≫ vCenter Server Version7.0 Updatea
VMware ≫ vCenter Server Version7.0 Updateb
VMware ≫ vCenter Server Version7.0 Updatec
VMware ≫ vCenter Server Version7.0 Updated
VMware ≫ vCenter Server Version7.0 Updateupdate1
VMware ≫ vCenter Server Version7.0 Updateupdate1a
VMware ≫ vCenter Server Version7.0 Updateupdate1c
VMware ≫ vCenter Server Version7.0 Updateupdate1d
VMware ≫ vCenter Server Version7.0 Updateupdate2
VMware ≫ vCenter Server Version7.0 Updateupdate2a
VMware ≫ vCenter Server Version7.0 Updateupdate2b
VMware ≫ vCenter Server Version7.0 Updateupdate2c
VMware ≫ vCenter Server Version7.0 Updateupdate2d
VMware ≫ vCenter Server Version7.0 Updateupdate3
VMware ≫ vCenter Server Version7.0 Updateupdate3a
VMware ≫ vCenter Server Version7.0 Updateupdate3c
VMware ≫ vCenter Server Version7.0 Updateupdate3d
VMware ≫ vCenter Server Version7.0 Updateupdate3e
VMware ≫ vCenter Server Version7.0 Updateupdate3f
VMware ≫ vCenter Server Version7.0 Updateupdate3g
VMware ≫ vCenter Server Version7.0 Updateupdate3h
VMware ≫ vCenter Server Version7.0 Updateupdate3i
VMware ≫ vCenter Server Version7.0 Updateupdate3j
VMware ≫ vCenter Server Version7.0 Updateupdate3k
VMware ≫ vCenter Server Version7.0 Updateupdate3l
VMware ≫ vCenter Server Version7.0 Updateupdate3m
VMware ≫ vCenter Server Version7.0 Updateupdate3n
VMware ≫ vCenter Server Version7.0 Updateupdate3o
VMware ≫ vCenter Server Version7.0 Updateupdate3p
23.01.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
SchwachstelleBroadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execution.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 79.31% | 0.99 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@vmware.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.