Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mbadanoiu/cve-2024-22275
CVE-2024-22275: Partial File Read in VMware vCenter Server
https://github.com/mbadanoiu/cve-2024-22275
0-day authenticated cve cve-2024-22275 cves file-read
Last synced: 2 days ago
JSON representation
CVE-2024-22275: Partial File Read in VMware vCenter Server
- Host: GitHub
- URL: https://github.com/mbadanoiu/cve-2024-22275
- Owner: mbadanoiu
- Created: 2024-07-06T18:14:28.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2024-07-06T18:24:53.000Z (4 months ago)
- Last Synced: 2024-07-06T20:34:26.744Z (4 months ago)
- Topics: 0-day, authenticated, cve, cve-2024-22275, cves, file-read
- Homepage:
- Size: 609 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CVE-2024-22275: Partial File Read in VMware vCenter Server
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
### Vendor Disclosure:
The vendor's disclosure for this vulnerability can be found [here](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308).
### Requirements:
This vulnerability requires:
- Valid credentials for a user that can execute the "com.vmware.rvc" command
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2024-22275/blob/main/VMware%20vCenter%20-%20CVE-2024-22275.pdf).