.. / CVE-2024-22274

Exploit for VMware vCenter Server (7.0, 8.0), VMware Cloud Foundation (4.x, 5.x) - Authenticated Remote Code Execution (CVE-2024-22274)

Description:

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the “root” user.

Affected Products:

Proof of Concept

PoC exploit

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-22274
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308