VMware alerts about two vulnerabilities in vCenter Server that could allow code execution and privilege escalation.
VMware, now under the ownership of Broadcom, has released new security updates for its vCenter Server product, after identifying two critical vulnerabilities (CVE-2024-38812 and CVE-2024-38813). These vulnerabilities, which affect resource management and privileges in virtual servers, pose a significant risk to enterprise environments using vCenter, as they could be exploited by malicious actors with network access.
Detected vulnerabilities: potential risks
The most serious issue, identified as CVE-2024-38812, is a stack overflow vulnerability in the DCERPC protocol implementation, which could allow remote code execution. This vulnerability has a CVSSv3 score of 9.8, placing it in the critical range. An attacker with network access could exploit it by sending a manipulated network packet, triggering remote code execution on the affected server.
Meanwhile, CVE-2024-38813 refers to a privilege escalation vulnerability. Although less severe, with a CVSSv3 score of 7.5, it is still significant. A malicious actor could exploit this flaw to gain root privileges, allowing total control over the compromised server.
Patch and updates available
VMware has responded swiftly to these threats by releasing patches for the affected versions of vCenter Server. However, it is important to note that the initial patches released in September 2024 did not fully mitigate the CVE-2024-38812 vulnerability, leading the company to issue a new update on October 21, 2024.
System administrators are highly recommended to install the updated versions of vCenter Server: 8.0 U3d, 8.0 U2e, and 7.0 U3t. For VMware Cloud Foundation users, asynchronous patches are also available. Installing these updates is crucial to protect virtualization environments from potential attacks.
Impact on the industry
These vulnerabilities highlight the importance of keeping virtualization platforms updated, especially in an increasingly digital and cloud-dependent world. Companies using vCenter Server in their daily operations must act quickly to avoid falling victim to possible attacks, as these vulnerabilities allow not only unauthorized access but also full control takeover of critical systems.
VMware remains committed to security
VMware has thanked security researchers, zbl & srs, from the TZL team for discovering these vulnerabilities during the Matrix Cup 2024 competition. The company has made it clear that it will continue to enhance its security solutions and collaborate with the community to ensure its products are resilient against cyber threats.
More information at Broadcom Support.