The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware vCenter Server | unaffected |
|
|||||||||
| n/a | VMware Cloud Foundation | unaffected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
No data.
No data.
Project Subscriptions
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 31 Oct 2025 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vmware cloud Foundation
|
|
| CPEs | cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3r:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3s:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:* |
|
| Vendors & Products |
Vmware cloud Foundation
|
Tue, 21 Oct 2025 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 10 Jun 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
Wed, 20 Nov 2024 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
ssvc
|
Wed, 02 Oct 2024 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vmware
Vmware vcenter Server |
|
| CPEs | cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:* |
|
| Vendors & Products |
Vmware
Vmware vcenter Server |
Tue, 17 Sep 2024 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Broadcom
Broadcom vmware Center Server Broadcom vmware Cloud Foundation |
|
| CPEs | cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:* cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Broadcom
Broadcom vmware Center Server Broadcom vmware Cloud Foundation |
|
| Metrics |
ssvc
|
Tue, 17 Sep 2024 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | |
| Title | Privilege escalation vulnerability | |
| Weaknesses | CWE-250 CWE-273 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2025-10-21T22:55:44.624Z
Reserved: 2024-06-19T22:31:57.187Z
Link: CVE-2024-38813
Vulnrichment
Updated: 2024-09-17T20:37:03.455Z
NVD
Status : Analyzed
Published: 2024-09-17T18:15:04.127
Modified: 2025-10-31T15:56:53.710
Link: CVE-2024-38813
Redhat
No data.
OpenCVE Enrichment
No data.