CVE-2024-38813

Privilege escalation vulnerability

CVSS 7.5 HIGHEPSS 16.7%● KEVCWE-250 CWE-273

In short

A flaw in vCenter Server allows someone with network access to gain root privileges by sending a specially crafted network packet. This is critical because attackers can take complete control of the virtualization infrastructure.

Technical detail

CWE-250/273 privilege escalation in vCenter Server allows unauthenticated or low-privileged network attackers to escalate to root via a crafted network packet, requiring only network reachability to the affected service. Successful exploitation grants complete system control over the virtualization platform.

Summary generated and translated by AI from the official description.

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · VMware Cloud Foundation n/a · VMware vCenter Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813