CVE-2024-37081

CWE-5563 documents | 3 sources
Severity: 7.8 HIGH
EPSS: 50.3% (top 2.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 18

Description

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | vmware_vcenter_server | 8.0 | 8.0 U2d | +1
NVD | vmware/vcenter_server | 7.0, 8.0 | +1
NVD | vmware/cloud_foundation | 4.0 | 5.2
CVEListV5 | vmware_cloud_foundation | 4.x, 5.x | +1

🔴 Vulnerability Details (2)

CVEList | CVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo | 2024-06-18
GHSA | GHSA-rhv4-3chh-r5jc: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo | 2024-06-18