9.8
CVE-2024-38813
- EPSS 18.6%
- Published 17.09.2024 18:15:04
- Last modified 22.11.2024 02:00:03
- Source security@vmware.com
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ vCenter Server, Version: 7.0, Update: -
VMware ≫ vCenter Server, Version: 7.0, Update: update1
VMware ≫ vCenter Server, Version: 7.0, Update: update1a
VMware ≫ vCenter Server, Version: 7.0, Update: update1c
VMware ≫ vCenter Server, Version: 7.0, Update: update1d
VMware ≫ vCenter Server, Version: 7.0, Update: update2
VMware ≫ vCenter Server, Version: 7.0, Update: update2a
VMware ≫ vCenter Server, Version: 7.0, Update: update2b
VMware ≫ vCenter Server, Version: 7.0, Update: update2c
VMware ≫ vCenter Server, Version: 7.0, Update: update2d
VMware ≫ vCenter Server, Version: 7.0, Update: update3
VMware ≫ vCenter Server, Version: 7.0, Update: update3a
VMware ≫ vCenter Server, Version: 7.0, Update: update3c
VMware ≫ vCenter Server, Version: 7.0, Update: update3d
VMware ≫ vCenter Server, Version: 7.0, Update: update3e
VMware ≫ vCenter Server, Version: 7.0, Update: update3f
VMware ≫ vCenter Server, Version: 7.0, Update: update3g
VMware ≫ vCenter Server, Version: 7.0, Update: update3h
VMware ≫ vCenter Server, Version: 7.0, Update: update3i
VMware ≫ vCenter Server, Version: 7.0, Update: update3j
VMware ≫ vCenter Server, Version: 7.0, Update: update3k
VMware ≫ vCenter Server, Version: 7.0, Update: update3l
VMware ≫ vCenter Server, Version: 7.0, Update: update3m
VMware ≫ vCenter Server, Version: 7.0, Update: update3n
VMware ≫ vCenter Server, Version: 8.0, Update: -
VMware ≫ vCenter Server, Version: 8.0, Update: update1
VMware ≫ vCenter Server, Version: 8.0, Update: update1a
VMware ≫ vCenter Server, Version: 8.0, Update: update1b
VMware ≫ vCenter Server, Version: 8.0, Update: update1c
VMware ≫ vCenter Server, Version: 8.0, Update: update1d
VMware ≫ vCenter Server, Version: 8.0, Update: update1e
VMware ≫ vCenter Server, Version: 8.0, Update: update2
VMware ≫ vCenter Server, Version: 8.0, Update: update2a
VMware ≫ vCenter Server, Version: 8.0, Update: update2b
VMware ≫ vCenter Server, Version: 8.0, Update: update2c
VMware ≫ vCenter Server, Version: 8.0, Update: update2d
20.11.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: VMware vCenter Server Privilege Escalation Vulnerability
Description: VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.
Required actions: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 18.6% | 0.95 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
security@vmware.com | 7.5 | 1.6 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-273 Improper Check for Dropped Privileges
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.