CVE-2024-38813.md
1 #### 19-09-2024 2 3 **1. Description:** 4 5 - **Brief Summary:** The vCenter Server contains a privilege escalation vulnerability 6 - **Technical Details:** The vulnerability is due to a lack of validation of the calculated response header size used in subtraction. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted [[DCERPC]] packet to the target server. 7 - **Severity Score:** 8 - **CVSS v3.1 Base Score:** 7.5 9 - **CVSS v3.1 Vector:** CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 10 - **Affected Software/Versions:** 11 - vCenter Server 7.0, 8.0 12 - VMware Cloud Foundation 4.x, 5.x 13 14 **2. Related Information:** 15 16 - **CWE:** 17 - [CWE-250](http://cwe.mitre.org/data/definitions/250.html) 18 - [CWE-273](http://cwe.mitre.org/data/definitions/273.html) 19 20 **3. Vulnerability Analysis:** 21 22 - **Impact:** 23 - Privilege Escalation 24 - **Remediation:** Install patch 25 26 **4. References:** 27 28 - **Official CVE Entry:** [Yes](https://nvd.nist.gov/vuln/detail/CVE-2024-38813) 29 - **Vendor Advisory:** 30 - [The Hacker News](https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html) 31 - **Other Relevant Resources:** 32 - **POC**: 33 34 **5. Notes (Optional):** 35 36 - **Additional Information:** 37 - **Timeline:**