VMware vCenter Server Priv Escalation via Malicious Network Packet
CVE-2024-38813 Published on September 17, 2024

Privilege escalation vulnerability
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.


Known Exploited Vulnerability

This VMware vCenter Server Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

The following remediation steps are recommended / required by December 11, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2024-38813 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Types

Improper Check for Dropped Privileges

The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. If the drop fails, the software will continue to run with the raised privileges, which might provide additional access to unprivileged users.
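The weakness class described above, as an added example that is not part of the original page and is not vCenter Server code: a POSIX privilege drop that checks every step, verifies the resulting IDs, and fails closed. The function name `drop_privileges` and the target uid/gid 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Weak pattern (CWE-273), shown for contrast only:
 *     setgid(gid); setuid(uid);   // results ignored, failure goes unnoticed
 * If either call fails, the process keeps running with its old privileges. */

/* Hypothetical helper: returns 0 only if the drop provably succeeded. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                 /* "dropping" to root is not a drop */

    /* Order matters: supplementary groups, then gid, then uid.
     * Only a root process is allowed to reset its group list. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) {
        perror("setgroups");
        return -1;
    }
    if (setgid(gid) != 0) { perror("setgid"); return -1; }
    if (setuid(uid) != 0) { perror("setuid"); return -1; }

    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* If root can be regained, a saved set-user-ID of 0 survived the drop. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_privileges(65534, 65534) != 0) {   /* constructed target IDs */
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;                  /* fail closed: never proceed as root */
    }
    puts("running unprivileged");
    return 0;
}
```
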

Execution with Unnecessary Privileges

The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.


Exploit Probability

EPSS: 32.81%
Percentile: 96.77%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.