CVE-2024-38812: VMware vCenter Server RCE Vulnerability
Background
Two critical vulnerabilities in VMware’s vCenter Server platform were recently patched by Broadcom, with the more severe of the two being CVE-2024-38812. The company notes that there is a possibility of Remote Code Execution (RCE) attacks as a result of the vulnerability.
VMware vCenter Server is a widely used application in many organizations for managing virtual machines and ESXi hosts, which makes these vulnerabilities particularly concerning.
Technical Analysis
CVE-2024-38812:
A heap overflow vulnerability in the Distributed Computing Environment/Remote Procedure Call (DCERPC) protocol is the cause of the CVE-2024-38812 (CVSS: 9.8) issue. By delivering a specially crafted network packet, an attacker with access to the vCenter Server network might take advantage of this vulnerability and potentially cause RCE and complete system compromise.
CVE-2024-38813:
This vulnerability in VMware vCenter Server allows for privilege escalation. With a CVSSv3 base score of 7.5, this flaw can be exploited by an attacker with network access. By sending a specially crafted network packet, the attacker could elevate their privileges to root, potentially compromising the entire system.
Recommendations
We strongly recommend that customers upgrade to the latest fixed version. Potential in-product workarounds were explored but found to be unfeasible.
Product | Affected Version | Fixed Version |
VMware vCenter | 8.0 | |
7.0 | ||
VMware Cloud Foundation | 5.x | |
4.x |
Please adhere to your organization’s patching and testing procedures to reduce any possible operational impact.