Description
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Published: 2024-09-17
Score: 7.5 High
EPSS: 29.5% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 31 Oct 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Vmware cloud Foundation
CPEs cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3r:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3s:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*
Vendors & Products Vmware cloud Foundation

Tue, 21 Oct 2025 23:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-11-20'}

Wed, 20 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 02 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware vcenter Server
CPEs cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*
Vendors & Products Vmware
Vmware vcenter Server

Tue, 17 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Broadcom
Broadcom vmware Center Server
Broadcom vmware Cloud Foundation
CPEs cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*
Vendors & Products Broadcom
Broadcom vmware Center Server
Broadcom vmware Cloud Foundation
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
Description The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Title Privilege escalation vulnerability
Weaknesses CWE-250
CWE-273
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Broadcom Vmware Center Server Vmware Cloud Foundation
Vmware Cloud Foundation Vcenter Server
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2025-10-21T22:55:44.624Z

Reserved: 2024-06-19T22:31:57.187Z

Link: CVE-2024-38813

cve-icon Vulnrichment

Updated: 2024-09-17T20:37:03.455Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-17T18:15:04.127

Modified: 2025-10-31T15:56:53.710

Link: CVE-2024-38813

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses