Security Advisory 2024-100

Release Date: 18/09/2024

Critical RCE Vulnerability in VMware vCenter Server

History:

  • 18/09/2024 --- v1.0 -- Initial publication

Summary

On September 17, 2024, Broadcom released fixes for two vulnerabilities in VMware vCenter Server. The more serious one, tracked as CVE-2024-38812, is rated critical and enables remote code execution (RCE) via a specially crafted network packet [1].

Technical Details

  • The critical vulnerability CVE-2024-38812 is caused by a heap overflow in vCenter Server's DCE/RPC protocol implementation. An unauthenticated attacker with network access to vCenter Server can trigger it by sending a specially crafted network packet, leading to remote execution of arbitrary code without any user interaction.

  • A second, high-severity vulnerability, CVE-2024-38813, allows an attacker with network access to vCenter Server to escalate privileges to root, again by sending specially crafted network packets.

Affected Products

The following products are affected:

  • VMware vCenter Server 7.0 (fixed in 7.0 U3s) and 8.0 (fixed in 8.0 U3b)
  • VMware Cloud Foundation 4.x (fixed in async patch to 7.0 U3s) and 5.x (fixed in async patch to 8.0 U3b)
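The fixed versions above are given in VMware's "major.minor UNx" update designation form. As an added illustration (not part of the CERT-EU advisory or any VMware tooling), the following Python snippet parses such a designation and tells whether an installation is still below the fixed level for its release line. It assumes the designation form used on this page (for example "7.0 U3r" or "8.0 U3"), not numeric build numbers, and that a missing update letter (e.g. "8.0 U3") sorts before "8.0 U3a"; release lines not listed in the advisory (such as 6.x) are rejected rather than silently treated as safe. For Cloud Foundation deployments, apply the check to the vCenter version that the async patch brings the environment to.

```python
import re
from typing import Tuple

# Fixed vCenter Server versions named in the advisory, keyed by release line.
# Assumption: designations are in the "major.minor UNx" form used on the page.
FIXED_VERSIONS = {
    "7.0": "7.0 U3s",
    "8.0": "8.0 U3b",
}

# Matches "7.0", "7.0 U3", "8.0 U3b", "8.0u3b"; the update part is optional.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?\s*$", re.IGNORECASE)


def parse_version(designation: str) -> Tuple[int, int, int, str]:
    """Turn '8.0 U3b' into a comparable tuple (8, 0, 3, 'b').

    A release without an update (e.g. '7.0') yields update 0, and an update
    without a letter (e.g. '8.0 U3') yields an empty letter, which sorts before
    'a', matching VMware's ordering U3 < U3a < U3b < ...
    """
    m = _VERSION_RE.match(designation)
    if not m:
        raise ValueError(f"unrecognised vCenter version designation: {designation!r}")
    major, minor, update, letter = m.groups()
    return (int(major), int(minor), int(update or 0), (letter or "").lower())


def is_vulnerable(designation: str) -> bool:
    """Return True if the given vCenter version is below the fixed level.

    Raises ValueError for release lines the advisory does not cover, so that an
    unsupported version is never reported as patched by accident.
    """
    parsed = parse_version(designation)
    line = f"{parsed[0]}.{parsed[1]}"
    if line not in FIXED_VERSIONS:
        raise ValueError(f"release line {line} is not covered by this advisory")
    return parsed < parse_version(FIXED_VERSIONS[line])


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {"vc-lab-01": "7.0 U3r", "vc-prod-01": "8.0 U3b", "vc-prod-02": "8.0 U3"}
    for host, version in inventory.items():
        state = "VULNERABLE" if is_vulnerable(version) else "patched"
        print(f"{host}: {version} -> {state}")
```

The comparison relies on Python's tuple ordering, so the update number is compared numerically before the letter is compared lexically; this is what keeps "7.0 U2x" correctly below "7.0 U3s".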

Recommendations

CERT-EU recommends applying the patches listed in the VMware Security Advisory [2] as soon as possible. Since both vulnerabilities are reachable by an attacker with network access and without authentication, vCenter Server management interfaces should in any case not be exposed to untrusted networks, and access to them should be restricted to administrative hosts until patching is complete.

References

[1] https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/

[2] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
