CVE-2024-38812

Опубликовано: 17 сент. 2024

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Ссылки

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 5.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3r:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3s:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.79504

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-122

CWE-787

Связанные уязвимости

GHSA-72q3-gvh6-6m6w

CVSS3: 9.8

github

больше 1 года назад

BDU:2024-07209

CVSS3: 9.8

fstec

больше 1 года назад

Уязвимость реализации протокола DCERPC программного обеспечения управления виртуальной инфраструктурой VMware vCenter Server, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 99%

0.79504

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-122

CWE-787