Security News > 2024 > September > Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
2024-09-18 05:08

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a


News URL

https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-09-17 CVE-2024-38812 Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
network
low complexity
vmware CWE-787
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 148 11 224 259 101 595