Cloud Foundation
CVE-2024-37086
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Primary rating from Vendor (vmware) · only source for this CVE.
CVSS VectorVendor: vmware
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
1DescriptionCVE.org
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
AnalysisAI
VMware ESXi contains an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host. Affected products include: Vmware Cloud Foundation, Vmware Esxi.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Cloud Foundation
View allVMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrator
VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes,
VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowi
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CV
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical sev
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated h
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today