CVE-2024-38812: VMware vCenter Server RCE Vulnerability

Two critical vulnerabilities in VMware’s vCenter Server platform were recently patched by Broadcom, with the more severe of the two being CVE-2024-38812. The company notes that there is a possibility of Remote Code Execution (RCE) attacks as a result of the vulnerability.
VMware vCenter Server is a widely used application in many organizations for managing virtual machines and ESXi hosts, which makes these vulnerabilities particularly concerning.
A heap overflow vulnerability in the Distributed Computing Environment/Remote Procedure Call (DCERPC) protocol is the cause of the CVE-2024-38812 (CVSS: 9.8) issue. By delivering a specially crafted network packet, an attacker with access to the vCenter Server network might take advantage of this vulnerability and potentially cause RCE and complete system compromise.
This vulnerability in VMware vCenter Server allows for privilege escalation. With a CVSSv3 base score of 7.5, this flaw can be exploited by an attacker with network access. By sending a specially crafted network packet, the attacker could elevate their privileges to root, potentially compromising the entire system.
We strongly recommend that customers upgrade to the latest fixed version. Potential in-product workarounds were explored but found to be unfeasible.
Product | Affected Version | Fixed Version |
VMware vCenter | 8.0 | |
7.0 | ||
VMware Cloud Foundation | 5.x | |
4.x |
Please adhere to your organization’s patching and testing procedures to reduce any possible operational impact.
Emotet is one of the most sophisticated and dangerous malware families currently in existence. It is a modular banking Trojan […]
Background ServiceNow provides a platform for corporate transformation. ServiceNow can be used for various purposes, including HR and employee administration, […]
NSFOCUS researchers examined the DarkCasino attack pattern, which exploited the WinRAR zero-day vulnerability identified as CVE-2023-38831. The financially motivated APT […]