VMware has released a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.
If exploited, these vulnerabilities could allow attackers to execute remote code on affected systems.
The advisory highlights several critical vulnerabilities, including heap overflow and local privilege escalation issues. The most severe of these vulnerabilities have been assigned CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081.
Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan
Heap-Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
These vulnerabilities exist when implementing the DCERPC protocol within the vCenter Server. They have been rated with a maximum CVSSv3 base score of 9.8, indicating critical severity.
A malicious actor with network access to the vCenter Server can exploit these vulnerabilities by sending specially crafted network packets, potentially leading to remote code execution.
Patch:
VMware has released patches to address these vulnerabilities. Users are advised to apply the updates listed in the ‘Fixed Version’ column of the response matrix below.
Local Privilege Escalation Vulnerability (CVE-2024-37081)
This vulnerability is due to misconfiguration of sudo in vCenter Server, allowing an authenticated local user with non-administrative privileges to elevate their privileges to root. It has a CVSSv3 base score of 7.8, categorized as important.
An authenticated local user can exploit this vulnerability to gain root access on the vCenter Server Appliance.
Patch:
Patches have been released to remediate this issue. Users should apply the updates listed in the response matrix.
Response Matrix
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
| vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |
Impacted Product Suites
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
Organizations using VMware vCenter Server are urged to apply the necessary patches immediately to mitigate these critical vulnerabilities.
How to Verify Patches
Organizations can verify that patches have been successfully applied to vCenter Server by following these steps:
Access the Appliance Shell:
- Log in to the vCenter Server Appliance shell as a user with super administrator privileges, typically the root user.
List Installed Patches:
- Use the
software-packagesutility to view the list of installed patches. Run the following command to see all patches currently applied to the vCenter Server Appliance:bash software-packages list - To view the patches in chronological order, use:
bash software-packages list --history - This command provides a detailed list of all patches applied, including the installation date and other relevant details.
Check Specific Patch Details:
- If you need to verify details about a specific patch, use the following command:
bash software-packages list --patch - Replace
bash software-packages list --patch VMware-vCenter-Server-Appliance-Patch1 - This command will display comprehensive details about the specified patch, such as the vendor, description, and installation date.
Use the vCenter Server Management Interface (VAMI):
- Log in to the VAMI at
https://using the root account.:5480 - Navigate to the “Update” section. In the “Current version details” pane, you can view the vCenter Server version and build number.
- The “Available Updates” pane will show the status of updates, including whether they have been installed successfully.
Verify System Functionality:
- After applying patches, ensure that the vCenter Server Appliance is functioning correctly. Check critical services and perform routine operations to confirm that the system is stable and operating as expected.
By following these steps, organizations can effectively verify that the latest patches have been successfully applied to their vCenter Server, ensuring the system is up-to-date and secure.
Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free