VMware vCenter Server Vulnerabilities Let Attackers Execute Remote Code

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

VMware has disclosed two critical security vulnerabilities affecting its vCenter Server and Cloud Foundation products that could allow attackers to execute remote code and escalate privileges.

The company is urging customers to patch affected systems immediately.

The more critical flaw, tracked as CVE-2024-38812, is a heap-overflow vulnerability in implementing the DCERPC protocol within vCenter Server. It has received a critical severity rating with a CVSS score of 9.8 out of 10.

According to VMware’s advisory, an attacker with network access to a vulnerable vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

The second vulnerability, CVE-2024-38813, is a privilege escalation flaw in the vCenter Server, which is rated as important, with a CVSS score of 7.5. It could allow an attacker to escalate privileges to root by sending a malicious network packet.

Both vulnerabilities impact VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x.

VMware has released patches to address the flaws and strongly recommends customers apply the updates as soon as possible.

For vCenter Server, users should upgrade to versions 8.0 U3b or 7.0 U3s. Cloud Foundation customers should apply the async patch referenced in KB88287.

The company said it is not aware of any in-the-wild exploitation of these vulnerabilities so far. However, given the critical nature of vCenter Server in managing virtualized environments, these flaws are likely to be attractive targets for attackers.

Researchers participating in the 2024 Matrix Cup hacking contest in China discovered the vulnerabilities and reported them to VMware

With no viable workarounds available, patching remains the only effective mitigation. Organizations running affected VMware products are advised to prioritize applying security updates to protect their environments from potential attacks and leverage these high-severity flaws.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial