CVE-2024-38813 is a vulnerability in VMware vCenter Server
Published on September 17, 2024

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.


Known Exploited Vulnerability

This VMware vCenter Server Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. VMware vCenter contains an improper check for dropped privileges vulnerability. It could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

The following remediation steps are recommended / required by December 11, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2024-38813 can be exploited with network access alone; it requires neither prior privileges nor user interaction. The attack complexity is rated low, and the exploitability sub-score is the highest possible (3.9). The potential impact is considered critical because the vulnerability has a high impact on the confidentiality, integrity and availability of the affected component.

Improper Check for Dropped Privileges

The software attempts to drop privileges but does not check, or incorrectly checks, whether the drop succeeded. If the drop fails, the software continues to run with the elevated privileges, which might grant additional access to unprivileged users.
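The weakness class is easiest to see in a privilege-dropping routine. The following is an added illustration of the general pattern, not code from vCenter Server or VMware: each identity change is checked, the resulting uid/gid is verified afterwards, and a failed drop is reported to the caller instead of being silently ignored. The function name and the target uid/gid are assumptions for this example.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not vCenter code). Drop to the given unprivileged
 * uid/gid and return 0 only if every step succeeded AND the process
 * identity actually changed.  The CWE-273 anti-pattern this guards
 * against is calling setuid(uid) and ignoring its return value. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* A "drop" to root is not a drop: refuse it outright. */
    if (uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Supplementary groups can only be cleared with CAP_SETGID, i.e. as root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Change the group first: once the uid is gone, setgid() would fail. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Post-condition: never trust the return codes alone, inspect the state. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* Regaining root must now be impossible; if it is not, the drop failed. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Demonstration: drop to the caller's own unprivileged identity. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");   /* fail closed: do not continue as root */
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

If the caller is already root, dropping to its own identity is correctly rejected as a non-drop; a real service would instead supply a dedicated service account's uid/gid.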


Products Associated with CVE-2024-38813


What versions of Vcenter Server are vulnerable to CVE-2024-38813?