The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HVMware Cloud Foundation
APPVmware4.0 – 5.2 (bez)VMware Vcenter Server
APPVmware7.08.0
CISA KEV — detailsi
- Vendori
- VMware ↗
- Producti
- vCenter Server
- Added to KEVi
- November 20, 2024
- Remediation deadline (US Federal)i
- December 11, 2024(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet.
Related vulnerabilities
VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A m...
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...