CVE-2024-22274: Authenticated Remote Code Execution in VMware vCenter Server

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user.

Vendor Disclosure:

The vendor's disclosure for this vulnerability can be found here.

Requirements:

This vulnerability requires:

Valid credentials for user with "admin" role

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
VMware vCenter - CVE-2024-22274.pdf		VMware vCenter - CVE-2024-22274.pdf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-22274: Authenticated Remote Code Execution in VMware vCenter Server

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

mbadanoiu/CVE-2024-22274

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-22274: Authenticated Remote Code Execution in VMware vCenter Server

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

Topics

Resources

Stars

Watchers

Forks