CVE-2024-38812: Critical threat to your virtual infrastructure

A bug in the vCenter Server code opened the door to remote hacking.

Broadcom has released updates to address a critical vulnerability in VMware vCenter Server that could lead to remote code execution. The vulnerability, designated CVE-2024-38812, has a CVSS score of 9.8 and is associated with a buffer overflow in the DCE/RPC protocol.

According to the developer, attackers with network access can trigger this vulnerability with specially crafted network packets, allowing remote code to be executed on the vCenter server.

This flaw is similar to two other remote code execution vulnerabilities, CVE-2024-37079 and CVE-2024-37080, which were fixed in June 2024. These vulnerabilities also have a CVSS score of 9.8.

In addition, the elevation of privilege vulnerability CVE-2024-38813, with a score of 7.5, has been fixed; it allows attackers with network access to escalate privileges to root. This attack is also carried out by sending specially crafted network packets.

Both vulnerabilities were discovered by security researchers from the TZL team during the Matrix Cup cybersecurity competition, which took place in China in June 2024.

Patches are available for the following versions:
  • vCenter Server 8.0 (fixed in version 8.0 U3b);
  • vCenter Server 7.0 (fixed in version 7.0 U3s);
  • VMware Cloud Foundation 5.x (patch available for version 8.0 U3b);
  • VMware Cloud Foundation 4.x (fixed in version 7.0 U3s).

Broadcom stressed that at the moment there is no data on attackers exploiting these vulnerabilities, but users are urged to update their systems to prevent potential attacks.

The vulnerabilities are related to memory management errors, which make remote code execution possible when VMware vCenter services are exploited.

These events coincided with the publication of a joint warning from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. It emphasizes the need to address cross-site scripting (XSS) vulnerabilities that attackers can exploit to compromise systems.

Source
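
As an added example (not part of the original post and not Broadcom's code), the patch list above can be turned into a triage check over an inventory of vCenter release labels. The label format, host names and the assumption that releases after the fixed one keep the fix are illustrative; for VMware Cloud Foundation, check the label of the bundled vCenter.

```python
import re

# Fixed releases per product line, taken from the patch list in the post.
FIXED = {"8.0": "8.0 U3b", "7.0": "7.0 U3s"}

# Release label such as "8.0 U3b", "7.0 U3" or "8.0 GA" (label format is an assumption).
LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s+(?:GA|U(\d+)([a-z])?))?\s*$", re.IGNORECASE)


def parse_label(label):
    """Return (line, update, patch_rank), or None if the label is not understood."""
    m = LABEL.match(label)
    if m is None:
        return None
    line, update, letter = m.groups()
    rank = ord(letter.lower()) - ord("a") + 1 if letter else 0
    return line, int(update or 0), rank


def status(label):
    """Classify a vCenter release label against the fixed releases."""
    parsed = parse_label(label)
    if parsed is None:
        return "unknown"      # e.g. a raw build string; needs manual mapping
    line, update, rank = parsed
    if line not in FIXED:
        return "unlisted"     # product line not mentioned in the post
    _, fixed_update, fixed_rank = parse_label(FIXED[line])
    # Assumption: releases after the fixed one keep the fix.
    return "patched" if (update, rank) >= (fixed_update, fixed_rank) else "vulnerable"


def triage(inventory):
    """Map each host name to its status."""
    return {host: status(label) for host, label in inventory.items()}


# Constructed inventory (hypothetical host names and labels).
INVENTORY = {
    "vc-prod-01": "8.0 U3b",
    "vc-prod-02": "8.0 U3a",
    "vc-dr-01": "7.0 U3r",
    "vc-lab-01": "7.0 U3s",
    "vc-old-01": "6.7 U3",
    "vc-test-01": "8.0.3.00200",
}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:14} {result}")
```

Entries reported as "unknown" or "unlisted" need a manual look rather than being treated as safe.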
 