CVE-2024-22274

HIGH

vCenter Server - RCE

Title source: llm

Description

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

Exploits (4)

nomisec WORKING POC 44 stars
by l0n3m4n · poc
https://github.com/l0n3m4n/CVE-2024-22274-RCE
nomisec SUSPICIOUS 38 stars
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2024-22274
nomisec WORKING POC
by Mustafa1986 · poc
https://github.com/Mustafa1986/CVE-2024-22274-RCE
nomisec WORKING POC
by ninhpn1337 · poc
https://github.com/ninhpn1337/CVE-2024-22274

Scores

CVSS v3 7.2
EPSS 0.6347
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-94
Status published
Products (3)
vmware/cloud_foundation 4.0 - 5.1.1
vmware/vcenter_server 7.0 (30 CPE variants)
vmware/vcenter_server 8.0 (12 CPE variants)
Published May 21, 2024
Tracked Since Feb 18, 2026