CVERadar

CVE-2024-37081

High Severity
SVRS: 50/100
CVSSv3: NA/10
EPSS: 0.10521/1

CVE-2024-37081: Local Privilege Escalation in VMware vCenter Server. This vulnerability allows a non-administrative user to gain root access on the vCenter Server Appliance due to sudo misconfiguration. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 50. This is significant because active exploits are available. An attacker can leverage these exploits to escalate privileges, potentially gaining full control of the affected system. The vulnerability poses a critical risk because it can be exploited by local authenticated users, making internal networks more vulnerable. Immediate patching is advised. While the SVRS indicates medium severity, the presence of active exploits increases the urgency of remediation.

In The Wild
Exploit Available
2024-06-18

2024-06-20

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
CERTologists/Modified-CVE-2024-37081-POC | https://github.com/CERTologists/Modified-CVE-2024-37081-POC | 2024-07-21
CERTologists/-CVE-2024-37081-POC | https://github.com/CERTologists/-CVE-2024-37081-POC | 2024-07-21

News

Metasploit 2024 Annual Wrap-Up
Spencer McIntyre, 2025-01-03
Another year has come and gone, and the Metasploit team has taken some time to review the year’s notable additions. This year saw some great new features added, Metasploit 6.4 released and a slew of new modules. We’re grateful to the community members new and old that
rapid7.com
Metasploit Weekly Wrap-Up 12/06/2024
Christophe De La Fuente, 2024-12-06
Post-Thanksgiving Big Release: This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover on Wordpress, a local privilege
rapid7.com
Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) - Help Net Security
2024-06-18
VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution,” the company said, but noted that they are currently not aware of them being exploited “in the wild”. The vulnerabilities: VMware vCenter Server is a popular server management solution
google.com
24th June – Threat Intelligence Report - Check Point Research
2024-06-24
For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and Canada. This incident led to significant operational disruptions, impacting vehicle sales and dealer services. The BlackSuit ransomware, introduced in May 2023, is reportedly a continuation or new version of what was previously known as the
google.com
24th June – Threat Intelligence Report - Check Point Research - Check Point Research
2024-06-24
For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and Canada. This incident led to significant operational disruptions, impacting vehicle sales and dealer services. The BlackSuit ransomware, introduced in May 2023, is reportedly a continuation or new version of what was previously
cve-2024-37081
cve-2024-36680
cve-2024-6045
cve-2024-37079
24th June – Threat Intelligence Report
hagarb, 2024-06-24
For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and […] The post 24th June – Threat Intelligence Report appeared first on Check Point Research
cve-2024-37081
cve-2024-36680
cve-2024-37080
cve-2024-37079
Vulnerability Recap 6/24/24 – Patch Highlights Across Platforms
Maine Basan, 2024-06-24
Major platforms performed recent fixes to address critical vulnerabilities. Patch your systems now. The post Vulnerability Recap 6/24/24 – Patch Highlights Across Platforms appeared first on eSecurity Planet. In last week’s vulnerability news, major companies performed recent patches to resolve critical vulnerabilities across various software and hardware platforms. Microsoft addressed a remote code execution issue. ASUS fixed authentication bypass
cve-2024-22243
cve-2024-37081
cve-2024-22259
cve-2024-22257

Social Media

VMware vCenter - CVE-2024-37081 PoC. This can be leveraged by attackers to execute arbitrary commands with root privileges. https://t.co/gcVG6mOW5b

GitHub - Mr-r00t11/CVE-2024-37081 - https://t.co/kvp7SoB37Q

Impact on Telco Cloud: Vulnerabilities in vCenter (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081). More details https://t.co/a9Y0IgIC0i https://t.co/NvZyeIG84F

A researcher has published a #PoC targeting CVE-2024-37081 in the #VMware vCenter Server. This flaw, rooted in the misconfiguration of sudo permissions, poses a significant risk, allowing local users to escalate their access to root on vCenter Server https://t.co/wL1Zhk0o7M

CVE-2024-37081: a third vulnerability arises from an incorrect sudo configuration in vCenter Server, which allows an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server appliance. https://t.co/VLmZDmlpkq

🔒 VMware has patched critical vulnerabilities in vCenter Server, addressing remote code execution and privilege escalation issues (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081). Ensure your systems are updated. More info on Broadcom Support Portal. #CyberSecurity #VMware https://t.co/x6swZnUO8B

⚠️VMware/Broadcom has disclosed vulnerabilities with CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081. ⚠️ 👉Further information & recommended actions at https://t.co/kpdqWsI28R #itsicherheit #ITSecurity #vmware #handlungsempfehlung #schwachstellen #kissystemhaus https://t.co/2w4YPeRJhA

Quickly built a @pdnuclei template for easy scanning against this fresh vCenter (potential) RCE (+privesc) tagged with VMSA-2024-0012, CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 (https://t.co/4UqezPlj54) Here it is: https://t.co/7fQJcljyY8

Two of the vulnerabilities, tracked as CVE-2024-37079 and 37080, can lead to remote code execution, and the third vulnerability, tracked as CVE-2024-37081, can lead to privilege escalation

#VMware has released patches for Cloud Foundation, vCenter Server, and vSphere ESXi to fix critical flaws that could allow RCE and privilege escalation. CVE-2024-37079, CVE-2024-37080 & CVE-2024-37081—and secure your infrastructure now. #infosec https://t.co/8KF3dffskr

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

CWE Details

No CWE details found for this CVE
