CVE-2024-38813
VMware vCenter Server Privilege Escalation Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-06-19 CVE Reserved
- 2024-09-17 CVE Published
- 2024-11-20 CVE Updated
- 2024-11-20 Exploited in Wild
- 2024-11-21 EPSS Updated
- 2024-12-11 KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
- CWE-273: Improper Check for Dropped Privileges
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| - | - | - | - | - | ||||||