CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38812

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.58

EPSS Ranking 98.0%

CVSS Severity

CVSS v3 Score 9.8

Proposed Action

VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet.

Ransomware Campaign

Unknown

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

Products affected by CVE-2024-38812

Vmware » Vcenter Server » Version: 7.0

cpe:2.3:a:vmware:vcenter_server:7.0
Vmware » Vcenter Server » Version: 8.0

cpe:2.3:a:vmware:vcenter_server:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38812

Products

Pricing

Contact Us