Hackers are exploiting two VMware vCenter Server flaws, one of which is a critical remote code execution flaw.
Both vulnerabilities received security updates in September 2024, but the initial patches did not fully resolve the problems, so in October VMware released a new patch to close the RCE vulnerability.
Security researchers now warn that they have observed both VMware vCenter Server flaws being exploited in the wild. Users should therefore prioritize patching CVE-2024-38812 again, this time with the October patch, to avoid an RCE attack.
VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812. All customers are strongly encouraged to apply the patches currently listed in the Response Matrix. Additionally, patches for the 8.0 U2 line are also available.
Source: Broadcom Support Notification
More about the VMware vCenter Server vulnerabilities
Both vCenter Server vulnerabilities were revealed at the end of June 2024 during Matrix Cup, a hacking competition in China. Here is what they are and why they pose a risk to VMware users:
CVE-2024-38812
This is a heap-overflow bug in vCenter Server's implementation of the DCE/RPC protocol. A threat actor with network access to vCenter Server can send customized messages that trigger the overflow and achieve remote code execution; no prior authentication is described, which is why network exposure of the service matters.
CVE-2024-38812 has a CVSS base score of 9.8 (Critical). It affects two Broadcom products, VMware Cloud Foundation and VMware vCenter Server.
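The article describes CVE-2024-38812 only as a heap overflow in a network protocol parser. The following is an added illustration of that defect class, written for this page and not VMware's or Broadcom's code: a constructed toy length-prefixed message format (not DCE/RPC), with the unchecked parser that trusts the header's declared length next to the hardened parser that bounds that length by both the buffer capacity and the bytes actually received. All names, the frame layout and the `MAX_PAYLOAD` limit are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy wire format (illustration only, not DCE/RPC):
 *   bytes 0-1 : declared payload length, big-endian
 *   bytes 2.. : payload
 * A receiver that trusts the declared length is the classic heap-overflow shape. */
#define HDR_LEN      2
#define MAX_PAYLOAD  64

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED_HEADER,   /* fewer bytes than the header itself */
    PARSE_LEN_EXCEEDS_MAX,    /* declared length larger than the heap buffer */
    PARSE_LEN_EXCEEDS_INPUT,  /* declared length larger than bytes actually received */
    PARSE_OOM
};

struct msg {
    uint8_t *payload;   /* heap buffer of MAX_PAYLOAD bytes, released with msg_free() */
    size_t   len;
};

/* Defective pattern (kept for contrast; never call this on untrusted input):
 * the heap allocation is fixed-size, but the copy length comes straight from the
 * message header, so a header claiming more than MAX_PAYLOAD bytes overruns the
 * allocation, and a header claiming more than was received over-reads 'in'. */
enum parse_status parse_msg_unchecked(const uint8_t *in, struct msg *out)
{
    size_t declared = ((size_t)in[0] << 8) | in[1];
    out->payload = malloc(MAX_PAYLOAD);
    if (!out->payload) return PARSE_OOM;
    memcpy(out->payload, in + HDR_LEN, declared);   /* heap overflow when declared > MAX_PAYLOAD */
    out->len = declared;
    return PARSE_OK;
}

/* Hardened form: every size derived from attacker-controlled bytes is checked
 * against both the buffer capacity and the bytes actually received before any
 * allocation or copy happens. */
enum parse_status parse_msg_checked(const uint8_t *in, size_t in_len, struct msg *out)
{
    out->payload = NULL;
    out->len = 0;
    if (in_len < HDR_LEN) return PARSE_TRUNCATED_HEADER;
    size_t declared = ((size_t)in[0] << 8) | in[1];
    if (declared > MAX_PAYLOAD) return PARSE_LEN_EXCEEDS_MAX;
    if (declared > in_len - HDR_LEN) return PARSE_LEN_EXCEEDS_INPUT;
    out->payload = malloc(MAX_PAYLOAD);
    if (!out->payload) return PARSE_OOM;
    memcpy(out->payload, in + HDR_LEN, declared);
    out->len = declared;
    return PARSE_OK;
}

void msg_free(struct msg *m)
{
    free(m->payload);
    m->payload = NULL;
    m->len = 0;
}

int main(void)
{
    /* Constructed frames: one well-formed, one whose header lies about its length. */
    const uint8_t good[]  = { 0x00, 0x03, 'a', 'b', 'c' };
    const uint8_t lying[] = { 0xFF, 0xFF, 'a', 'b', 'c' };   /* claims 65535 bytes, carries 3 */
    struct msg m;

    enum parse_status s = parse_msg_checked(good, sizeof good, &m);
    printf("good frame: status %d, len %zu\n", s, m.len);
    msg_free(&m);

    s = parse_msg_checked(lying, sizeof lying, &m);
    printf("lying frame: status %d (rejected before any copy)\n", s);
    return 0;
}
```

The point for defenders is the two-sided check in `parse_msg_checked`: a length field must be bounded by the destination buffer (otherwise a heap write overflow) and by the bytes actually on the wire (otherwise an over-read). Compiling a parser like this with AddressSanitizer and feeding it malformed frames is the cheapest way to find the unchecked pattern before an attacker does.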
CVE-2024-38813
The second vulnerability carries a Critical base score of 9.8 in NIST's National Vulnerability Database, while VMware, the vendor, rated it High with a base score of 7.5. Attackers can exploit CVE-2024-38813 for privilege escalation; gaining root privileges gives them complete control over the system.
The flaw affects VMware vCenter Server versions 8.0 and 7.0, and VMware Cloud Foundation versions 5.x, 5.1.x, and 4.x.
You can read more about how to close the VMware vCenter Server vulnerabilities properly here.