VMware vCenter Server Vulnerability-Attackers Escalate Privileges


VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its vCenter Server and VMware Cloud Foundation products.

CVE-2024-38812 and CVE-2024-38813 vulnerabilities could allow attackers to execute remote code and escalate privileges.

CVE-2024-38812: Heap-Overflow Vulnerability

The first vulnerability, CVE-2024-38812, is a heap overflow issue found in implementing the DCERPC protocol within the vCenter Server, as per a report by Broadcom.

– Advertisement –
EHA

This vulnerability has been assigned a maximum CVSSv3 base score of 9.8, placing it in the critical severity range.

Attackers with access to vCenter Server can exploit this vulnerability by sending specially crafted network packets.

Successful exploitation could lead to remote code execution, allowing attackers to gain control over the affected systems.

Resolution

VMware has released updates to address this vulnerability. Users are advised to apply the updates in the ‘Fixed Version’ column of the response matrix to secure their deployments.

No viable in-product workarounds are available for CVE-2024-38812. VMware has provided a supplemental FAQ for further clarification on this issue.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

CVE-2024-38813: Privilege Escalation Vulnerability

CVE-2024-38813 is a privilege escalation vulnerability that allows attackers with network access to escalate privileges to the root by sending specially crafted network packets. This vulnerability carries a CVSSv3 base score of 7.5, categorized as critical.

Like the heap overflow vulnerability, attackers can exploit this issue remotely by accessing the network and sending malicious packets, potentially gaining elevated privileges.

Resolution

Updates are available for affected deployments to remediate this vulnerability. Users should refer to the response matrix for details on securing their systems.

There are no workarounds for CVE-2024-38813. VMware has also provided additional documentation through a supplemental FAQ.

Response Matrix

VMware Product Version CVE(s) CVSSv3 Severity Fixed Version
vCenter Server 8.0 CVE-2024-38812, 38813 9.8, 7.5 Critical 8.0 U3b
vCenter Server 7.0 CVE-2024-38812, 38813 9.8, 7.5 Critical 7.0 U3s
VMware Cloud Foundation 5.x CVE-2024-38812, 38813 9.8, 7.5 Critical Async patch to 8.0 U3b
VMware Cloud Foundation 4.x CVE-2024-38812, 38813 9.8, 7.5 Critical Async patch to 7.0 U3s

VMware urges all affected product users to apply these updates promptly to mitigate potential risks associated with these vulnerabilities.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial



Source link