Broadcom has issued critical security updates for severe vulnerabilities in VMware vCenter Server that allow remote code execution and privilege escalation. The flaws, CVE-2024-38812 and CVE-2024-38813, impact multiple versions of vCenter Server and VMware Cloud Foundation.
VMware vCenter Server Vulnerabilities
The more severe vulnerability, CVE-2024-38812, is a heap overflow flaw in the DCERPC protocol. With a CVSS score of 9.8 out of 10, this vulnerability lets an attacker with network access to the vCenter Server execute remote code by sending a specially crafted network packet. It affects vCenter Server versions 7.0 and 8.0, as well as Cloud Foundation versions 4.x and 5.x.
Broadcom also patched CVE-2024-38813, a privilege escalation vulnerability with a CVSS score of 7.5. This flaw allows an attacker with network access to escalate privileges to the root level by sending a specially crafted network packet.
Researchers Zbl and srs from team TZL discovered these vulnerabilities during the 2024 Matrix Cup cybersecurity contest in China.
Broadcom has stated there are currently no known exploits for these vulnerabilities in the wild. However, due to the critical role of vCenter Server in managing virtual environments, organizations are strongly urged to apply the patches immediately.
For vCenter Server 8.0, users should update to version 8.0 U3d, while those on version 7.0 should upgrade to 7.0 U3t. Cloud Foundation customers need to apply asynchronous patches for the corresponding vCenter Server versions.
Broadcom indicated that the initial patches released on September 17, 2024, did not completely resolve CVE-2024-38812. It has since issued updated patches and encourages customers to apply the latest versions listed in its advisory.
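As an added example (not Broadcom's tooling and not code from this article), the following Python triages an inventory against the fixed levels named above, 8.0 U3d and 7.0 U3t. It assumes the inventory records each vCenter Server as a release label such as "8.0 U3c"; the host names and labels in the sample are constructed.

```python
import re

# Fixed release levels as stated in this article, keyed by vCenter Server line.
FIXED = {"8.0": "U3d", "7.0": "U3t"}

# Assumption: labels look like "8.0", "8.0 U3" or "8.0 U3d" (case-insensitive).
_LABEL = re.compile(r"^\s*(\d+\.\d+)\s*(?:U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def parse_label(label):
    """Split a release label into (line, update number, patch letter)."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    line, update, letter = m.groups()
    # A GA build has no update (0); "U3" has no letter and sorts before "U3a".
    return line, int(update or 0), (letter or "").lower()


def status(label):
    """Return 'fixed', 'needs-update' or 'unknown' for one release label."""
    try:
        line, update, letter = parse_label(label)
    except ValueError:
        return "unknown"
    if line not in FIXED:
        return "unknown"  # line not covered by the versions named in the article
    _, fixed_update, fixed_letter = parse_label(f"{line} {FIXED[line]}")
    # Compare numerically, then by letter, so "U10" ranks above "U3".
    if (update, letter) >= (fixed_update, fixed_letter):
        return "fixed"
    return "needs-update"


def triage(inventory):
    """Map each host in {host: label} to its status."""
    return {host: status(label) for host, label in inventory.items()}


# Constructed sample inventory (hypothetical hosts and labels).
SAMPLE = {
    "vc-prod.example.internal": "8.0 U3d",
    "vc-dr.example.internal": "8.0 U3",
    "vc-lab.example.internal": "7.0 U3s",
    "vc-old.example.internal": "6.7 U3",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host:28} {SAMPLE[host]:10} {result}")
```

Hosts reported as "unknown" need manual review against the vendor advisory rather than being treated as safe.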
These vulnerabilities emphasize the importance of timely patching and security in virtualization environments.
As a key tool for managing VMware infrastructure, vCenter Server is a prime target for cybercriminals and state-sponsored threats.
Organizations using affected VMware products should prioritize these updates to lower the risk of attacks exploiting these serious vulnerabilities.