Vmware: >> Cloud Foundation >> 5.1 Security Vulnerabilities
CVE-2024-38812
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.779
Published
2024-09-17
CVE-2024-37085
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
Known exploited
CVSS Score
6.8
EPSS Score
0.719
Published
2024-06-25
VMware ESXi contains an out-of-bounds read vulnerability. A
malicious actor with local administrative privileges on a virtual
machine with an existing snapshot may trigger an out-of-bounds read
leading to a denial-of-service condition of the host.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-06-25
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
CVSS Score
5.3
EPSS Score
0.006
Published
2024-06-25
CVE-2024-37079
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.82
Published
2024-06-18
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.249
Published
2024-06-18
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
CVSS Score
7.8
EPSS Score
0.499
Published
2024-06-18
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
CVSS Score
7.2
EPSS Score
0.635
Published
2024-05-21
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
CVSS Score
4.9
EPSS Score
0.117
Published
2024-05-21
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
CVSS Score
8.1
EPSS Score
0.003
Published
2024-05-21