Broadcom, the company that owns VMware, has released patches to address two critical vulnerabilities affecting VMware vCenter Server. These security flaws could be exploited by sending specially crafted network packets, potentially resulting in remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813).
Details of the vulnerabilities
CVE-2024-38812 is described as a stack overflow flaw in the implementation of the DCE/RPC protocol that can be triggered without authentication and could potentially lead to remote code execution. Specific details of CVE-2024-38813 have not been disclosed, but it is known that authenticated attackers could exploit it to escalate privileges to root level.
These vulnerabilities affect versions 8.0 and 7.0 of vCenter Server, as well as versions 5.x and 4.x of VMware Cloud Foundation, as the latter product contains vCenter.
Discovery and reporting
Both vulnerabilities were reported by researchers who participated in the 2024 Matrix Cup, a hacking competition that took place in Qingdao, China, in June of this year. This underscores the importance of security competitions in identifying critical vulnerabilities.
Security recommendations
Broadcom has stated that, to date, it is not aware of these vulnerabilities being exploited “in the wild”. However, the company emphasizes the importance of organizations acting promptly to install one of the updated versions.
“Different mitigations may be available depending on your organization’s security posture, defense-in-depth strategies, and firewall configurations, each organization should independently evaluate the adequacy of these protections,” Broadcom states. “The most reliable method to address these vulnerabilities is to apply the recommended patches.”
Impact on operations
The company has also said that updating vCenter will not impact running workloads. “vCenter is the management interface of a vSphere cluster. The use of the vSphere client will be briefly lost during the update, and other management methods will be similarly affected, but virtual machine and container workloads will not be affected,” Broadcom explains.
Background of similar vulnerabilities
It is important to note that this is not the first time critical vulnerabilities have been discovered in vCenter Server. In October 2023, VMware patched an equally critical remote code execution flaw (CVE-2023-34048). Months later, Mandiant revealed that this vulnerability had been exploited for years by a highly advanced China-backed espionage group.
In summary, Broadcom’s swift action in addressing these critical vulnerabilities highlights the importance of keeping virtual infrastructure management systems up to date. System administrators are urged to apply the patches as soon as possible to protect their environments against potential attacks.