Vulnerabilities > CVE-2024-38812 - Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 36 |
Common Weakness Enumeration (CWE)
Related news
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical VMware vCenter Server bugs fixed (CVE-2024-38812) (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)