CVE-2024-37081

HIGH

vCenter Sudo Privilege Escalation

Title source: metasploit

Description

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

Exploits (5)

nomisec WORKING POC 58 stars

by Mr-r00t11 · poc

https://github.com/Mr-r00t11/CVE-2024-37081

View Code ZIP pw:eip

nomisec SUSPICIOUS 10 stars

by mbadanoiu · poc

https://github.com/mbadanoiu/CVE-2024-37081

View Code ZIP pw:eip

nomisec SUSPICIOUS

by CERTologists · poc

https://github.com/CERTologists/Modified-CVE-2024-37081-POC

View Code ZIP pw:eip

nomisec

by CERTologists · poc

https://github.com/CERTologists/-CVE-2024-37081-POC

View on nomisec

metasploit WORKING POC GREAT

by h00die, Matei, Badanoiu · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/vcenter_sudo_lpe.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Scores

CVSS v3 7.8

EPSS 0.4987

EPSS Percentile 97.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-556

Status published

Products (3)

vmware/cloud_foundation 4.0 - 5.2

vmware/vcenter_server 8.0 (14 CPE variants)

vmware/vcenter_server 7.0 (31 CPE variants)

Published Jun 18, 2024

Tracked Since Feb 18, 2026