CVE-2024-38813
Published: 17 September 2024
Summary
CVE-2024-38813 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in VMware vCenter Server. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 3.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-38813 is a privilege escalation flaw in VMware vCenter Server that stems from improper privilege handling; it is tracked under CWE-250 and CWE-273. It affects the vCenter Server component and carries a CVSS 3.1 score of 7.5, reflecting a network attack vector, high attack complexity, and low privileges required for successful exploitation.
A malicious actor who already possesses network access to vCenter Server can trigger the issue by transmitting a specially crafted network packet, resulting in an escalation of privileges to root on the affected system.
Broadcom has published a security advisory detailing the issue, and CISA has added CVE-2024-38813 to its catalog of known exploited vulnerabilities. The associated EPSS score has remained in the moderate range, with a current value of 0.2953 and a peak of 0.3281.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37704
Vulnerability details
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
- CWE(s): CWE-250, CWE-273
- KEV Date Added: 20 November 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces authorization checks on all requests to vCenter so a low-privileged actor cannot escalate to root via a crafted packet.
- AC-6 (Least Privilege): limits every vCenter process and account to the minimum privileges required, blocking the elevation path described in CWE-250/273.
- SC-7 (Boundary Protection): boundary-protection mechanisms can restrict which hosts are even permitted to send management packets to vCenter, reducing the attack surface for this network-triggered flaw.