PT-2024-4600 · Vmware · Vmware Vcenter Server+1

Mal

Published

2024-05-21

Updated

2025-06-30

CVE-2024-22274

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server (affected versions not specified)

Description: The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. A proof-of-concept (PoC) exploit has been released for this vulnerability, potentially allowing authenticated remote code execution.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2024-05108

CVE-2024-22274

Affected Products

Vmware Vcenter

Vmware Vcenter Server

PT-2024-4600 · Vmware · Vmware Vcenter Server+1

CVE-2024-22274

Weakness Enumeration

Related Identifiers

Affected Products

References · 32