CVE-2024-37081

Name of the Vulnerable Software and Affected Versions VMware vCenter Server (affected versions not specified)

Description The vCenter Server contains multiple local privilege escalation issues due to a misconfiguration of sudo. An authenticated local user with non-administrative privileges may be able to exploit these issues to elevate privileges to root on the vCenter Server Appliance. A proof-of-concept exploit has been published and is available online. Approximately 40,000 systems are potentially affected. The root cause of the issue is a misconfiguration in the /etc/sudoers file, which allows for the preservation of dangerous environment variables during sudo command execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.