Such a flaw — which is a heap overflow in the platform’s Distributed Computing Environment / Remote Procedure Call protocol — could be leveraged by threat actors with vCenter Server network access to facilitate code execution through a custom network packet, according to VMware, which did not provide additional information about the inadequate fix. However, VMware was able to remediate a high-severity privilege escalation issue in vCenter Server, tracked as CVE-2024-38813, with the recent update.
Source: SC Magazine