First published: Tue Sep 17 2024(Updated: )
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware vCenter Server | =7.0 | |
VMware vCenter Server | =7.0-update1 | |
VMware vCenter Server | =7.0-update1a | |
VMware vCenter Server | =7.0-update1c | |
VMware vCenter Server | =7.0-update1d | |
VMware vCenter Server | =7.0-update2 | |
VMware vCenter Server | =7.0-update2a | |
VMware vCenter Server | =7.0-update2b | |
VMware vCenter Server | =7.0-update2c | |
VMware vCenter Server | =7.0-update2d | |
VMware vCenter Server | =7.0-update3 | |
VMware vCenter Server | =7.0-update3a | |
VMware vCenter Server | =7.0-update3c | |
VMware vCenter Server | =7.0-update3d | |
VMware vCenter Server | =7.0-update3e | |
VMware vCenter Server | =7.0-update3f | |
VMware vCenter Server | =7.0-update3g | |
VMware vCenter Server | =7.0-update3h | |
VMware vCenter Server | =7.0-update3i | |
VMware vCenter Server | =7.0-update3j | |
VMware vCenter Server | =7.0-update3k | |
VMware vCenter Server | =7.0-update3l | |
VMware vCenter Server | =7.0-update3m | |
VMware vCenter Server | =7.0-update3n | |
VMware vCenter Server | =8.0 | |
VMware vCenter Server | =8.0-update1 | |
VMware vCenter Server | =8.0-update1a | |
VMware vCenter Server | =8.0-update1b | |
VMware vCenter Server | =8.0-update1c | |
VMware vCenter Server | =8.0-update1d | |
VMware vCenter Server | =8.0-update1e | |
VMware vCenter Server | =8.0-update2 | |
VMware vCenter Server | =8.0-update2a | |
VMware vCenter Server | =8.0-update2b | |
VMware vCenter Server | =8.0-update2c | |
VMware vCenter Server | =8.0-update2d | |
VMware vCenter Server |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.