Exploitation Summary
EIP tracks 4 public exploits for CVE-2024-37081.
PoCs published by Mr-r00t11, mbadanoiu, CERTologists, including Metasploit module exploits/linux/local/vcenter_sudo_lpe.
AI-analyzed exploit summary This repository contains a functional Python-based PoC for CVE-2024-37081, which exploits a misconfiguration in VMware vCenter's sudoers file to execute arbitrary commands with root privileges via environment variable manipulation.
Description
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Exploits (4)
This repository contains a functional Python-based PoC for CVE-2024-37081, which exploits a misconfiguration in VMware vCenter's sudoers file to execute arbitrary commands with root privileges via environment variable manipulation.
The repository claims to detail a local privilege escalation vulnerability in VMware vCenter Server due to sudo misconfiguration but provides no actual exploit code. Instead, it redirects users to an external PDF for details, which is a common tactic in suspicious repositories.
The repository contains only a vague README with no technical details or exploit code, claiming a 'modified' PoC for CVE-2024-37081 without providing any substance. It appears to be a social engineering lure.
This Metasploit module exploits a sudo misconfiguration in VMware vCenter Server to achieve local privilege escalation (LPE) by leveraging environment variable manipulation (PYTHONPATH, VMWARE_PYTHON_PATH, or VMWARE_PYTHON_BIN) to execute arbitrary payloads as root.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H