关联漏洞
标题:VMvare vCenter Server 安全漏洞 (CVE-2024-37081)Description:VMware vCenter Server是美国威睿(VMware)公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台,可自动实施和交付虚拟基础架构。 VMvare vCenter Server 8.0 U2d之前、7.0 U3r之前版本存在安全漏洞,该漏洞源于sudo 配置错误,具有非管理权限的经过身份验证的本地用户可以利用这些问题将权限提升到root 权限。
Description
CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server
介绍
# CVE-2024-37081: Multiple Local Privilege Escalation in VMware vCenter Server
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
### Vendor Disclosure:
The vendor's disclosure for this vulnerability can be found [here](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453).
### Requirements:
This vulnerability requires:
<br/>
- Ability to run system commands as a misconfigured sudo user or group
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2024-37081/blob/main/VMware%20vCenter%20-%20CVE-2024-37081.pdf).
文件快照
[4.0K] /data/pocs/038d0ae418032a9babd0d05a0509baa5bba321ff
├── [ 863] README.md
└── [1.3M] VMware vCenter - CVE-2024-37081.pdf
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。