CVE-2024-37081

Опубликовано: 18 июн. 2024

Источник: nvd

CVSS3: 7.8

EPSS Средний

Описание

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 5.2 (исключая)

EPSS

Процентиль: 98%

0.48351

Средний

7.8 High

CVSS3

Дефекты

CWE-556

Связанные уязвимости

GHSA-rhv4-3chh-r5jc

CVSS3: 7.8

github

больше 1 года назад

BDU:2024-04816

CVSS3: 7.8

fstec

больше 1 года назад

Уязвимость программного обеспечения управления виртуальной инфраструктурой VMware vCenter Server, связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 98%

0.48351

Средний

7.8 High

CVSS3

Дефекты

CWE-556