Skip to content

CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server

Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2024-37081

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

Vendor Disclosure:

The vendor's disclosure for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Ability to run system commands as a misconfigured sudo user or group

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server

Topics

Resources

Stars

Watchers

Forks