CVE-2024-37080

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

24.9%

top 3.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vcenter Server

Timeline

PublishedJun 18

Description

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5vmware_vcenter_server8.0 — 8.0 U2d+2

▶NVDvmware/vcenter_server7.0, 8.0+1

▶CVEListV5vmware_cloud_foundation4.x, 5.x+1

Patches

Patch: support.broadcom.com ↗Patch: support.broadcom.com ↗

🔴Vulnerability Details

GHSA

GHSA-mw3w-f2gc-g47m: vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol↗2024-06-18

▶

CVEList

CVE-2024-37080: vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol↗2024-06-18

▶