CVE-2024-38813

unknown KEV

Published 2024-11-20 · Modified 2024-11-20

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

CISA KEV

Vendor: VMware
Product: vCenter Server
Due date: 2024-12-11

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38813

Exploits

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38813

Verify integrity in audit chain (admin only). AS-IS.