VMware releases patch for three critical vulnerabilities in vCenter Server.

VMware has issued a critical security advisory addressing three vulnerabilities in vCenter Server, the central management platform for virtual machines and ESXi hosts in VMware vSphere. The flaws include two remote code execution bugs and one local privilege escalation, underscoring the urgent need to apply the corresponding patches to prevent exploitation.

Critical vulnerabilities discovered

The vulnerabilities identified in vCenter Server are:

CVE-2024-37079: A heap overflow vulnerability in the DCERPC protocol implementation of vCenter Server. An attacker with network access to vCenter Server can trigger the flaw by sending specially crafted packets, which could result in remote code execution. The CVSS v3.1 score for this vulnerability is 9.8, rating it critical.

CVE-2024-37080: Like CVE-2024-37079, this vulnerability is a heap overflow in the DCERPC protocol implementation. An attacker with network access can exploit the flaw by sending crafted packets, which may lead to remote code execution. This vulnerability also has a CVSS v3.1 score of 9.8, rating it critical.

CVE-2024-37081: An incorrect sudo configuration in vCenter Server allows an authenticated local user to escalate privileges to root on the appliance. The CVSS v3.1 score for this vulnerability is 7.8, rating it high.

Update recommendations

The versions affected by these vulnerabilities include VMware vCenter Server 7.0 and 8.0 and VMware Cloud Foundation 4.x and 5.x. Versions of vSphere that have reached the end of general support, such as vSphere 6.5 and 6.7, will not be assessed or updated for these vulnerabilities.

VMware has emphasized that there are no in-product workarounds for any of the three vulnerabilities, so the main recommendation is to apply the updates as soon as possible. Version 8.0 U1e is available to address the two critical flaws, although it does not address the privilege escalation vulnerability. Companies and users should follow their standard patching process, downloading and applying the updates from the VMware website.

Importance of updating

Although VMware has stated that there is no evidence of active exploitation of these flaws, administrators should understand the potential consequences and prioritize patching to avoid the risk of unauthorized access, data breaches, and service interruptions.

For more information on these vulnerabilities and available updates, visit the following links:

The immediate application of these patches is crucial to maintaining the security and operability of infrastructures managed by vCenter Server.

Source: Hispasec.
