First published: Tue Sep 17 2024(Updated: )
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Credit: security@vmware.com security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware vCenter | ||
VMware vCenter | =7.0 | |
VMware vCenter | =7.0-update1 | |
VMware vCenter | =7.0-update1a | |
VMware vCenter | =7.0-update1c | |
VMware vCenter | =7.0-update1d | |
VMware vCenter | =7.0-update2 | |
VMware vCenter | =7.0-update2a | |
VMware vCenter | =7.0-update2b | |
VMware vCenter | =7.0-update2c | |
VMware vCenter | =7.0-update2d | |
VMware vCenter | =7.0-update3 | |
VMware vCenter | =7.0-update3a | |
VMware vCenter | =7.0-update3c | |
VMware vCenter | =7.0-update3d | |
VMware vCenter | =7.0-update3e | |
VMware vCenter | =7.0-update3f | |
VMware vCenter | =7.0-update3g | |
VMware vCenter | =7.0-update3h | |
VMware vCenter | =7.0-update3i | |
VMware vCenter | =7.0-update3j | |
VMware vCenter | =7.0-update3k | |
VMware vCenter | =7.0-update3l | |
VMware vCenter | =7.0-update3m | |
VMware vCenter | =7.0-update3n | |
VMware vCenter | =8.0 | |
VMware vCenter | =8.0-update1 | |
VMware vCenter | =8.0-update1a | |
VMware vCenter | =8.0-update1b | |
VMware vCenter | =8.0-update1c | |
VMware vCenter | =8.0-update1d | |
VMware vCenter | =8.0-update1e | |
VMware vCenter | =8.0-update2 | |
VMware vCenter | =8.0-update2a | |
VMware vCenter | =8.0-update2b | |
VMware vCenter | =8.0-update2c | |
VMware vCenter | =8.0-update2d |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-38812 has been classified as critical due to its potential for remote code execution.
To fix CVE-2024-38812, apply the latest security patch provided by VMware for vCenter Server.
CVE-2024-38812 affects VMware vCenter Server versions 7.0 and 8.0, including various updates.
CVE-2024-38812 is a heap-overflow vulnerability in the DCERPC protocol implementation.
Yes, a malicious actor with network access can exploit CVE-2024-38812 by sending a specially crafted network packet.