vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HVMware Vcenter Server
APPVmware7.08.04.0 – 5.5
CISA KEV — detailsi
- Vendori
- VMware ↗
- Producti
- vCenter Server
- Added to KEVi
- January 22, 2024
- Remediation deadline (US Federal)i
- February 12, 2024(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.
Related vulnerabilities
VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in t...
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malici...