Broadcom has released critical security updates to address severe vulnerabilities in VMware vCenter Server that could allow attackers to execute remote code and escalate privileges.
The flaws, tracked as CVE-2024-38812 and CVE-2024-38813, affect multiple versions of vCenter Server and VMware Cloud Foundation.
The more severe vulnerability, CVE-2024-38812, is a heap overflow flaw in implementing the DCERPC protocol.
A CVSS score of 9.8 out of 10 allows an attacker with network access to the vCenter Server to potentially execute remote code by sending a specially crafted network packet. This critical issue affects vCenter Server versions 7.0 and 8.0 and Cloud Foundation versions 4.x and 5.x.
Join ANY.RUN's FREE webinar on How to Improve Threat Investigations on Oct 23 - Register Here
Additionally, Broadcom patched CVE-2024-38813, a privilege escalation vulnerability with a CVSS score of 7.5. This flaw enables an attacker with network access to escalate privileges to the root level by sending a maliciously crafted network packet.
Researchers Zbl and srs of team TZL discovered the vulnerabilities during the 2024 Matrix Cup cybersecurity contest in China.
Broadcom has stated that there are currently no known exploits of these vulnerabilities in the wild. However, given the critical nature of vCenter Server in managing virtualized environments, organizations are strongly advised to apply the patches immediately.
For vCenter Server 8.0, users should update to version 8.0 U3d, while those running version 7.0 should upgrade to 7.0 U3t. Cloud Foundation customers need to apply asynchronous patches to the corresponding vCenter Server versions.
Broadcom noted that initial patches released on September 17, 2024, did not fully address CVE-2024-38812. The company has since released updated patches and urges all customers to apply the latest versions listed in their advisory.
These vulnerabilities underscore the ongoing importance of prompt patching and security maintenance in enterprise virtualization environments.
As the vCenter Server is a critical component for managing VMware infrastructure, it remains an attractive target for cybercriminals and state-sponsored threat actors alike.
Organizations using affected VMware products should prioritize these updates to mitigate the risk of potential attacks exploiting these high-severity vulnerabilities.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here