Description

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

PUBLISHED | Reserved 2024-06-19 | Published 2024-09-17 | Updated 2025-10-21 | Assigner vmware

HIGH: 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2024-11-20 | Due date 2024-12-11

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-273 Improper Check for Dropped Privileges

CWE-250

Product status

Default status: unaffected

8.0 (custom) before 8.0 U3b: affected

7.0 (custom) before 7.0 U3s: affected

Default status: unaffected

5.x: affected

4.x: affected

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2024-38813 government-resource

support.broadcom.com/...l/content/SecurityAdvisories/0/24968

cve.org (CVE-2024-38813)

nvd.nist.gov (CVE-2024-38813)