VMWare Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege and remote code execution on the targeted system.
[Updated on 2024-11-19]
Updated Description and Risk level changed to extremely high.
Note: CVE-2024-38812 and CVE-2024-38813 are actively exploited in the wild.
A malicious actor with network access to vCenter Server may trigger CVE-2024-38813 to escalate privileges to root by sending a specially crafted network packet.
A malicious actor with network access to vCenter Server may trigger CVE-2024-38812 by sending a specially crafted network packet potentially leading to remote code execution.
RISK: Extremely High Risk
TYPE: Operating Systems – VM Ware
Impact
- Remote Code Execution
- Elevation of Privilege
System / Technologies affected
- VMware vCenter Server 7.0
- VMware vCenter Server 8.0
- VMware Cloud Foundation 4.x
- VMware Cloud Foundation 5.x
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
