Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mbadanoiu/cve-2024-37081

CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server
https://github.com/mbadanoiu/cve-2024-37081

0-day authenticated cve cve-2024-37081 cves local-privilege-escalation

Last synced: 2 days ago
JSON representation

CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server

Host: GitHub
URL: https://github.com/mbadanoiu/cve-2024-37081
Owner: mbadanoiu
Created: 2024-07-06T18:29:13.000Z (4 months ago)
Default Branch: main
Last Pushed: 2024-07-06T18:38:16.000Z (4 months ago)
Last Synced: 2024-07-06T20:41:33.067Z (4 months ago)
Topics: 0-day, authenticated, cve, cve-2024-37081, cves, local-privilege-escalation
Homepage:
Size: 1.08 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

### Vendor Disclosure:

The vendor's disclosure for this vulnerability can be found [here](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453).

### Requirements:

This vulnerability requires:

- Ability to run system commands as a misconfigured sudo user or group

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2024-37081/blob/main/VMware%20vCenter%20-%20CVE-2024-37081.pdf).