On Tuesday, Broadcom released security updates for VMware vCenter Server to patch a critical heap-overflow vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8). The flaw lies in vCenter's implementation of the DCE/RPC protocol: an attacker with network access to vCenter Server can trigger it by sending a specially crafted network packet, which may lead to remote code execution. No authentication is required beyond that network access.
This issue is similar to two earlier remote code execution flaws in the same DCE/RPC component (CVE-2024-37079 and CVE-2024-37080), which VMware resolved in June 2024. Alongside CVE-2024-38812, Broadcom also addressed a privilege escalation vulnerability (CVE-2024-38813, CVSS score: 7.5): an attacker with network access to vCenter Server can send a specially crafted network packet to escalate privileges to root.
Patch Information:
- vCenter Server 8.0: Fixed in 8.0 U3b
- vCenter Server 7.0: Fixed in 7.0 U3s
- VMware Cloud Foundation 5.x: Fixed by applying vCenter Server 8.0 U3b as an asynchronous patch
- VMware Cloud Foundation 4.x: Fixed by applying vCenter Server 7.0 U3s as an asynchronous patch
Though there is no evidence of exploitation in the wild yet, Broadcom urges all vCenter Server users to update to the patched versions immediately. Because network access to the vCenter Server is the only precondition for both flaws, administrators who cannot patch right away should at least ensure the appliance is not reachable from untrusted networks until they can.
Both vulnerabilities stem from memory-safety defects (improper memory management and memory corruption) in vCenter services; in the case of CVE-2024-38812, the heap overflow is what exposes the service to remote code execution.
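The first thing a practitioner does with an advisory like this is compare every vCenter in the estate against the fixed versions in the table above. The following is an added example, not code from Broadcom or the linked article: a small Python checker that orders vCenter release designations the way VMware names them (update number first, then the optional patch letter, where a bare "U3" precedes "U3a", which precedes "U3b", and so on) and reports which hosts are still below the fix. It takes the human-readable designation ("8.0 U3b", "7.0 U3s") rather than an appliance build number, because the build-to-designation mapping is not part of the advisory summary above; the hostnames in the sample inventory are constructed for the example.

```python
"""Compare installed vCenter Server versions against the fixed releases
named in the advisory summary (8.0 U3b and 7.0 U3s).

Added example; not Broadcom's or VMware's code. Version strings are the
human-readable designations ("8.0 U3b"), not appliance build numbers.
"""
import re
from typing import List, Optional, Tuple

# Fixed versions from the advisory summary. VCF 5.x / 4.x receive these
# same vCenter builds as asynchronous patches, so the table covers them too.
FIXED_VERSIONS = {
    "8.0": "8.0 U3b",
    "7.0": "7.0 U3s",
}

# "8.0", "8.0 U3", "8.0 U3b" (case-insensitive, optional space before "U").
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?\s*$", re.I)


def parse_version(designation: str) -> Tuple[int, int, int, int]:
    """Map a designation to a sortable tuple.

    '8.0'     -> (8, 0, 0, 0)   bare GA release
    '8.0 U3'  -> (8, 0, 3, 0)   update with no patch letter
    '8.0 U3b' -> (8, 0, 3, 2)   patch letter ranked a=1, b=2, ...
    Tuple comparison then gives the order VMware's naming implies.
    """
    match = _VERSION_RE.match(designation)
    if not match:
        raise ValueError(f"unrecognised vCenter version string: {designation!r}")
    major, minor, update, letter = match.groups()
    update_rank = int(update) if update else 0
    letter_rank = (ord(letter.lower()) - ord("a") + 1) if letter else 0
    return (int(major), int(minor), update_rank, letter_rank)


def fixed_version_for(installed: str) -> Optional[str]:
    """Return the fixed designation for the installed major.minor line, if listed."""
    major, minor, _, _ = parse_version(installed)
    return FIXED_VERSIONS.get(f"{major}.{minor}")


def is_patched(installed: str) -> bool:
    """True if `installed` is at or beyond the fixed release for its line.

    Lines the advisory does not list (e.g. 6.x) raise instead of returning
    False, so that "no fix listed" is never silently read as "safe".
    """
    fixed = fixed_version_for(installed)
    if fixed is None:
        raise ValueError(f"no fixed version listed for the line of {installed!r}")
    return parse_version(installed) >= parse_version(fixed)


def unpatched_hosts(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, installed, fixed) for every inventory entry below the fix."""
    return [
        (host, version, fixed_version_for(version) or "")
        for host, version in inventory
        if not is_patched(version)
    ]


# Constructed sample inventory for the example; hostnames are made up.
SAMPLE_INVENTORY = [
    ("vcsa-prod-01.example.internal", "8.0 U3b"),  # at the fix
    ("vcsa-prod-02.example.internal", "8.0 U3a"),  # one patch behind
    ("vcsa-lab.example.internal", "7.0 U3r"),      # one patch behind
    ("vcsa-dr.example.internal", "7.0 U3s"),       # at the fix
]

if __name__ == "__main__":
    for host, installed, fixed in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: running {installed}, needs {fixed} for CVE-2024-38812/38813")
```

Feed it the version designations reported by your own inventory source; if a line is not in the table (for example a 6.x appliance), the checker raises rather than reporting it as patched, which is the behaviour you want when the advisory offers no fix for that line.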
Links:
https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html