Heimdal
article featured image

Contents:

Hackers are exploiting two VMware vCenter Server flaws, one of which is a critical remote code execution flaw.

Both vulnerabilities received security updates in September 2024, but the initial patches didn’t solve the problems completely. Thus, in October, VMware released a new patch to close the RCE vulnerability.

Now security researchers warn users that they’ve observed the two VMware vCenter Server flaws being exploited in the wild. So, users should prioritize patching CVE-2024-38812 again, to avoid an RCE attack.

VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812. All customers are strongly encouraged to apply the patches currently listed in the Response Matrix. Additionally, patches for 8.0 U2 line are also available.

Source – Broadcom Support Notification

More about the VMware vCenter Server vulnerabilities

Both vCenter Server vulnerabilities were revealed at the end of June 2024, during Matrix Cup, a hacking competition in China. Here’s what they are and why they pose a risk for VMware’s users:

CVE-2024-38812

This is a heap-overflow bug in the implementation of the DCE/RPC protocol. Once a threat actor gains network access to vCenter Server, they can send customized messages to exploit the vulnerability for Remote Code Execution.

CVE-2024-38812 has a base score of 9.8, which is critical. It impacts two of Broadcom’s products, VMware Cloud Foundation and VMware vCenter Server.

CVE-2024-38813

The second vulnerability has a Critical base score according to NIST’s National Vulnerability Database – 9.8 but was evaluated as a High – 7.5 base score from VMware, the vendor. Hackers can exploit CVE-2024-38813 for privilege escalation. Getting root privileges can grant the attackers complete control over the system.

The flaw impacts VMware vCenter Server versions 8.0, 7.0, and VMware Cloud Foundation versions 5.x, 5.1.x, 4.x.

You can read more about how to close the VMware vCenter Server vulnerabilities properly here.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE