CVE-2024-38812 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vmware	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
vmware	cloud_foundation	4.0 ≤ 𝑥 < 5.2
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0:a
vmware	vcenter_server	7.0:b
vmware	vcenter_server	7.0:c
vmware	vcenter_server	7.0:d
vmware	vcenter_server	7.0:update1
vmware	vcenter_server	7.0:update1a
vmware	vcenter_server	7.0:update1c
vmware	vcenter_server	7.0:update1d
vmware	vcenter_server	7.0:update2
vmware	vcenter_server	7.0:update2a
vmware	vcenter_server	7.0:update2b
vmware	vcenter_server	7.0:update2c
vmware	vcenter_server	7.0:update2d
vmware	vcenter_server	7.0:update3
vmware	vcenter_server	7.0:update3a
vmware	vcenter_server	7.0:update3c
vmware	vcenter_server	7.0:update3d
vmware	vcenter_server	7.0:update3e
vmware	vcenter_server	7.0:update3f
vmware	vcenter_server	7.0:update3g
vmware	vcenter_server	7.0:update3h
vmware	vcenter_server	7.0:update3i
vmware	vcenter_server	7.0:update3j
vmware	vcenter_server	7.0:update3k
vmware	vcenter_server	7.0:update3l
vmware	vcenter_server	7.0:update3m
vmware	vcenter_server	7.0:update3n
vmware	vcenter_server	7.0:update3o
vmware	vcenter_server	7.0:update3p
vmware	vcenter_server	7.0:update3q
vmware	vcenter_server	7.0:update3r
vmware	vcenter_server	7.0:update3s
vmware	vcenter_server	8.0
vmware	vcenter_server	8.0:a
vmware	vcenter_server	8.0:b
vmware	vcenter_server	8.0:c
vmware	vcenter_server	8.0:update1
vmware	vcenter_server	8.0:update1a
vmware	vcenter_server	8.0:update1b
vmware	vcenter_server	8.0:update1c
vmware	vcenter_server	8.0:update1d
vmware	vcenter_server	8.0:update1e
vmware	vcenter_server	8.0:update2
vmware	vcenter_server	8.0:update2a
vmware	vcenter_server	8.0:update2b
vmware	vcenter_server	8.0:update2c
vmware	vcenter_server	8.0:update2d

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[ENGLISH] CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said. "
Published: 2025-12-05T13:44:00+05:30

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812