CVE-2024-37080 : vCenter Server contains a heap-overflow vulnerability in the implementation of t

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Published 2024-06-18 05:43:11

Updated 2025-03-13 15:15:45

Source VMware

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2024-37080

Vmware » Vcenter Server
Versions from including (>=) 8.0 and before (<) 8.0 update1e
cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server
Versions from including (>=) 8.0 and before (<) 8.0 update2d
cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server
Versions from including (>=) 7.0 and before (<) 7.0 update3r
cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0
cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update A
cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update B
cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update C
cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update D
cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1a
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1c
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1d
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2a
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2b
cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2c
cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2d
cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3
cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3a
cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3c
cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3d
cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3e
cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3f
cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3g
cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3h
cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3j
cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3k
cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3l
cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3i
cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update1
cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update1a
cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update A
cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update B
cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update C
cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0
cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3m
cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update1b
cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3n
cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update1c
cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update1d
cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update2
cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update2a
cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update2b
cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 8.0 Update Update2c
cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3o
cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3p
cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*
Matching versions
Vmware » Cloud Foundation
Versions from including (>=) 5.0 and before (<) 5.1.1
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Matching versions
Vmware » Cloud Foundation
Versions from including (>=) 4.0 and before (<) 5.0
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Matching versions
Vmware » Cloud Foundation » Version: 5.0
Versions from including (>=) 5.0 and before (<) 5.1.1
cpe:2.3:o:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*
Matching versions
Vmware » Cloud Foundation » Version: 5.0
Versions from including (>=) 4.0 and before (<) 5.0
cpe:2.3:o:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-37080

EPSS FAQ

3.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-37080

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	N/A	N/A	VMware	2024-06-18
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST	2024-08-30
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	VMware	2024-06-18
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-37080

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-37080

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Support Content Notification - Support Portal - Broadcom support portal
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-37080

Products affected by CVE-2024-37080

Exploit prediction scoring system (EPSS) score for CVE-2024-37080

CVSS scores for CVE-2024-37080

CWE ids for CVE-2024-37080

References for CVE-2024-37080