CVE-2024-38813
EUVD-2024-3770417.09.2024, 18:15
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | 4.0 ≤ 𝑥 < 5.2 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 7.0:a |
| vmware | vcenter_server | 7.0:b |
| vmware | vcenter_server | 7.0:c |
| vmware | vcenter_server | 7.0:d |
| vmware | vcenter_server | 7.0:update1 |
| vmware | vcenter_server | 7.0:update1a |
| vmware | vcenter_server | 7.0:update1c |
| vmware | vcenter_server | 7.0:update1d |
| vmware | vcenter_server | 7.0:update2 |
| vmware | vcenter_server | 7.0:update2a |
| vmware | vcenter_server | 7.0:update2b |
| vmware | vcenter_server | 7.0:update2c |
| vmware | vcenter_server | 7.0:update2d |
| vmware | vcenter_server | 7.0:update3 |
| vmware | vcenter_server | 7.0:update3a |
| vmware | vcenter_server | 7.0:update3c |
| vmware | vcenter_server | 7.0:update3d |
| vmware | vcenter_server | 7.0:update3e |
| vmware | vcenter_server | 7.0:update3f |
| vmware | vcenter_server | 7.0:update3g |
| vmware | vcenter_server | 7.0:update3h |
| vmware | vcenter_server | 7.0:update3i |
| vmware | vcenter_server | 7.0:update3j |
| vmware | vcenter_server | 7.0:update3k |
| vmware | vcenter_server | 7.0:update3l |
| vmware | vcenter_server | 7.0:update3m |
| vmware | vcenter_server | 7.0:update3n |
| vmware | vcenter_server | 7.0:update3o |
| vmware | vcenter_server | 7.0:update3p |
| vmware | vcenter_server | 7.0:update3q |
| vmware | vcenter_server | 7.0:update3r |
| vmware | vcenter_server | 7.0:update3s |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 8.0:a |
| vmware | vcenter_server | 8.0:b |
| vmware | vcenter_server | 8.0:c |
| vmware | vcenter_server | 8.0:update1 |
| vmware | vcenter_server | 8.0:update1a |
| vmware | vcenter_server | 8.0:update1b |
| vmware | vcenter_server | 8.0:update1c |
| vmware | vcenter_server | 8.0:update1d |
| vmware | vcenter_server | 8.0:update1e |
| vmware | vcenter_server | 8.0:update2 |
| vmware | vcenter_server | 8.0:update2a |
| vmware | vcenter_server | 8.0:update2b |
| vmware | vcenter_server | 8.0:update2c |
| vmware | vcenter_server | 8.0:update2d |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| broadcom | vmware_center_server | 8.0 ≤ 𝑥 < 8.0_u3b | ADP |
| broadcom | vmware_center_server | 7.0 ≤ 𝑥 < 7.0_u3s | ADP |
| broadcom | vmware_center_server | 8.0 ≤ 𝑥 < 8.0_u3b | ADP |
| broadcom | vmware_center_server | 7.0 ≤ 𝑥 < 7.0_u3s | ADP |
| broadcom | vmware_cloud_foundation | 5.0 ≤ 𝑥 < 6.0 | ADP |
| broadcom | vmware_cloud_foundation | 4.0 ≤ 𝑥 < 5.0 | ADP |
| broadcom | vmware_cloud_foundation | 5.0 ≤ 𝑥 < 6.0 | ADP |
| broadcom | vmware_cloud_foundation | 4.0 ≤ 𝑥 < 5.0 | ADP |
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-273 - Improper Check for Dropped PrivilegesThe software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.