Lucene search
VmwareCVELIST:CVE-2024-37079HistoryJun 18, 2024 - 5:43 a.m.
CVE-2024-37079
2024-06-1805:43:06
vmware
www.cve.org
25
vcenter server
heap-overflow
dcerpc
remote code execution
network access
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
40.4%
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-37079
2024-06-18 05:43:06
cve
cve
CVE-2024-37079
2024-06-18 06:15:11
nvd
nvd
CVE-2024-37079
2024-06-18 06:15:11
hackread
hackread
nessus
nessus
thn
thn
VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
2024-06-18 08:24:00
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
2024-09-18 05:08:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
40.4%
Related for CVELIST:CVE-2024-37079