CVE-2024-38812

CriticalKnown Exploited

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network…

vmware·CWE-122·Published 2024-09-17

CVSS

9.8

EPSS

0.53

KEV

Yes

Exploits

cve.orgen

282 chars

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

NVDen

282 chars

NVDes

315 chars

vCenter Server contiene una vulnerabilidad de desbordamiento de pila en la implementación del protocolo DCERPC. Un agente malintencionado con acceso de red al vCenter Server puede desencadenar esta vulnerabilidad enviando un paquete de red especialmente manipulado que podría provocar la ejecución remota de código.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H