Two critical vulnerabilities in VMware’s vCenter Server platform were recently patched by Broadcom, with the more severe of the two being CVE-2024-38812. The company notes that there is a possibility of Remote Code Execution (RCE) attacks as a result of the vulnerability.
VMware vCenter Server is a widely used application in many organizations for managing virtual machines and ESXi hosts, which makes these vulnerabilities particularly concerning.
A heap overflow vulnerability in the Distributed Computing Environment/Remote Procedure Call (DCERPC) protocol is the cause of the CVE-2024-38812 (CVSS: 9.8) issue. By delivering a specially crafted network packet, an attacker with access to the vCenter Server network might take advantage of this vulnerability and potentially cause RCE and complete system compromise.
This vulnerability in VMware vCenter Server allows for privilege escalation. With a CVSSv3 base score of 7.5, this flaw can be exploited by an attacker with network access. By sending a specially crafted network packet, the attacker could elevate their privileges to root, potentially compromising the entire system.
We strongly recommend that customers upgrade to the latest fixed version. Potential in-product workarounds were explored but found to be unfeasible.
Product | Affected Version | Fixed Version |
VMware vCenter | 8.0 | |
7.0 | ||
VMware Cloud Foundation | 5.x | |
4.x |
Please adhere to your organization’s patching and testing procedures to reduce any possible operational impact.
Wired Ethernet is no longer the best option for many enterprises. The preferred network access technology for users and endpoints […]
The human domain is complex and unpredictable, and as a result the logic behind certain behaviors are also complex. The […]
Recently, our Incident response team at HAWKEYE received a frantic call from one of our clients saying that their o365 […]