The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
History

Wed, 20 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 02 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware vcenter Server
Weaknesses CWE-787
CPEs cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*
Vendors & Products Vmware
Vmware vcenter Server

Thu, 19 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Broadcom
Broadcom vmware Cloud Foundation
Broadcom vmware Vcenter Server
CPEs cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*
Vendors & Products Vmware
Vmware cloud Foundation
Vmware vcenter Server
Broadcom
Broadcom vmware Cloud Foundation
Broadcom vmware Vcenter Server

Wed, 18 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware cloud Foundation
Vmware vcenter Server
CPEs cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
Vendors & Products Vmware
Vmware cloud Foundation
Vmware vcenter Server
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
Description The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Title Heap-overflow vulnerability
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-09-17T17:13:09.778Z

Updated: 2024-11-20T17:20:23.062Z

Reserved: 2024-06-19T22:31:57.187Z

Link: CVE-2024-38812

cve-icon Vulnrichment

Updated: 2024-09-18T13:49:47.197Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-17T18:15:03.920

Modified: 2024-11-22T02:00:03.353

Link: CVE-2024-38812

cve-icon Redhat

No data.