We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

CVE-2024-38812: VMware vCenter Server RCE Vulnerability

September 20, 2024
CVE, Cybersecurity, Vulnerability Assessment
HawkEye Managed MDR

Background

Two critical vulnerabilities in VMware’s vCenter Server platform were recently patched by Broadcom, with the more severe of the two being CVE-2024-38812. The company notes that there is a possibility of Remote Code Execution (RCE) attacks as a result of the vulnerability.

VMware vCenter Server is a widely used application in many organizations for managing virtual machines and ESXi hosts, which makes these vulnerabilities particularly concerning.

Technical Analysis

CVE-2024-38812:

A heap overflow vulnerability in the Distributed Computing Environment/Remote Procedure Call (DCERPC) protocol is the cause of the CVE-2024-38812 (CVSS: 9.8) issue. By delivering a specially crafted network packet, an attacker with access to the vCenter Server network might take advantage of this vulnerability and potentially cause RCE and complete system compromise.

CVE-2024-38813:

This vulnerability in VMware vCenter Server allows for privilege escalation. With a CVSSv3 base score of 7.5, this flaw can be exploited by an attacker with network access. By sending a specially crafted network packet, the attacker could elevate their privileges to root, potentially compromising the entire system.

Recommendations

We strongly recommend that customers upgrade to the latest fixed version. Potential in-product workarounds were explored but found to be unfeasible.

Product 

Affected Version 

Fixed Version 

VMware vCenter 

8.0 

8.0 U3b 

7.0 

7.0 U3s 

VMware Cloud Foundation 

5.x 

Async patch to 8.0 U3b 

4.x 

Async patch to 7.0 U3s 


Please adhere to your organization’s patching and testing procedures to reduce any possible operational impact.

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/

You may also like

Ready to get started?

Contact us to arrange a half day
Managed SOC and XDR workshop in Dubai

Contact Us

Ready to get started?

Contact us to arrange a half day Managed SOC and XDR workshop in Dubai

Contact Us
Linkedin Twitter Facebook Instagram Youtube

HawkEye

Packages

CSOC

Explore

© 2025 HawkEye – Managed CSOC and XDR powered by DTS Solution. All Rights Reserved.
Contact
This is a staging environment