Cyber Resilience

CVE-2024-38813

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 17 September 2024

Modified: 31 October 2025
KEV Added: 20 November 2024
Patch
CVSS Score (v3.1): 7.5 (vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2953 (96.7th percentile)
Risk Priority: 53 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-38813 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in VMware vCenter Server. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 3.3% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability CVE-2024-38813 is a privilege escalation flaw in VMware vCenter Server that stems from improper privilege handling, tracked under CWE-250 and CWE-273. It affects the vCenter Server component and carries a CVSS 3.1 score of 7.5, reflecting a network attack vector, high attack complexity, and only low privileges required for successful exploitation.

A malicious actor who already possesses network access to vCenter Server can trigger the issue by transmitting a specially crafted network packet, resulting in an escalation of privileges to root on the affected system.

Broadcom has published a security advisory detailing the issue, while CISA has added CVE-2024-38813 to its catalog of known exploited vulnerabilities. The associated EPSS score has remained in the moderate range with a current value of 0.2953 and a peak of 0.3281.

EU & UK References

Vulnerability details

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

CWE(s): CWE-250, CWE-273
KEV Date Added: 20 November 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

VMware Cloud Foundation: 4.0 — 5.2
VMware vCenter Server: 7.0, 8.0

Mitigating Controls (NIST 800-53 r5)

AC-3 (Access Enforcement), prevent: Enforces authorization checks on all requests to vCenter so a low-privileged actor cannot escalate to root via a crafted packet.

AC-6 (Least Privilege), prevent: Limits every vCenter process and account to the minimum privileges required, blocking the elevation path described in CWE-250/273.

SC-7 (Boundary Protection), prevent: Boundary-protection mechanisms can restrict which hosts are even permitted to send management packets to vCenter, reducing the attack surface for this network-triggered flaw.

References