CVE-2024-22274

CWE-94 — Code Injection3 documents3 sources

Severity

7.2HIGH

EPSS

63.5%

top 1.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Cloud Foundation Vmware Vcenter Server

Timeline

PublishedMay 21

Description

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5vmware_vcenter_server8.0 — 8.0 U2b+1

▶CVEListV5vmware_cloud_foundation_(vcenter_server)5.x — 5.1.1+1

▶NVDvmware/vcenter_server7.0, 8.0+1

▶NVDvmware/cloud_foundation4.0 — 5.1.1

🔴Vulnerability Details

CVEList

CVE-2024-22274: The vCenter Server contains an authenticated remote code execution vulnerability↗2024-05-21

▶

GHSA

GHSA-xm44-79f8-q8r7: The vCenter Server contains an authenticated remote code execution vulnerability↗2024-05-21

▶