Man
Every second of delay increases the risk of intrusion into the corporate network.
Cybersecurity researchers at SonicWall have released a detailed analysis of a critical remote code execution (RCE) vulnerability in VMware vCenter Server. The vulnerability, identified as CVE-2024-38812, is related to a heap overflow error and affects the implementation of the DCERPC protocol in this virtualization management platform.
This vulnerability, first published in September 2024, has a CVSS score of 9.8, indicating that it is extremely dangerous and at high risk of exploitation. vCenter Server versions 8.0U3a were affected, while the 8.0U3b update includes the necessary fixes. The vulnerability also affects VMware Cloud Foundation, which is reflected in the official notice VMSA-2024-0019.
The problem occurs due to a memory management error in the rpc_ss_ndr_contiguous_elt() function. The bug allows an attacker with network access to send specially crafted packets and initiate arbitrary code execution on the server. The affected function may incorrectly change addresses in memory, which opens up the ability to access critical areas.
SonicWall specialists have demonstrated that the attack is possible through the use of network packets with tampered data in the "stub_data" section. This data controls the array parameters, which leads to heap overflows and memory integrity violations. The most dangerous part of exploitation is related to the use of the memcpy function, which allows an attacker to control both the target memory address and the amount of data copied, which increases the likelihood of a critical system failure.
VMware has released a patch in version 8.0U3b that introduces additional checks on memory boundaries and restricts pointer operations, which significantly reduces the risk of exploitation. Experts strongly recommend that organizations using affected versions update to the patched version immediately.
This vulnerability underscores the importance of timely software updates and regular security audits, especially for key platforms such as VMware vCenter Server. It is also recommended to implement additional protection measures, including network segmentation, activity monitoring, and regular vulnerability assessments, to quickly identify and eliminate such threats.
Source
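The bug class described above (array parameters taken from wire data feeding the destination and length of a memcpy) and the kind of bounds check a fix adds can be shown in a short C sketch. This is an added illustration, not VMware's code and not the logic of rpc_ss_ndr_contiguous_elt(); the struct, field and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire descriptor: both fields are untrusted input. */
struct wire_array {
    uint32_t offset; /* index of the first element to write */
    uint32_t count;  /* number of elements supplied */
};

/* Unchecked pattern: destination address and length both come from the wire. */
void copy_elts_unchecked(uint8_t *dst, size_t elt_size,
                         const struct wire_array *w, const uint8_t *src)
{
    memcpy(dst + (size_t)w->offset * elt_size, src, (size_t)w->count * elt_size);
}

/* Checked pattern: validate offset and count against the allocation, and the
 * byte count against the received data, before any pointer arithmetic.
 * Returns 0 on success, -1 if the request is rejected. */
int copy_elts_checked(uint8_t *dst, size_t dst_elts, size_t elt_size,
                      const struct wire_array *w,
                      const uint8_t *src, size_t src_len)
{
    if (elt_size == 0 || dst_elts > SIZE_MAX / elt_size)
        return -1;                         /* allocation size would overflow */
    if (w->offset > dst_elts)
        return -1;                         /* start lies outside the array */
    if (w->count > dst_elts - w->offset)
        return -1;                         /* end lies outside the array */
    size_t nbytes = (size_t)w->count * elt_size; /* cannot overflow now */
    if (nbytes > src_len)
        return -1;                         /* fewer bytes received than claimed */
    memcpy(dst + (size_t)w->offset * elt_size, src, nbytes);
    return 0;
}

int main(void)
{
    uint8_t dst[8 * 4] = {0}, src[16]; /* constructed sample buffers */
    memset(src, 0xAB, sizeof src);
    struct wire_array ok = {2, 4}, bad = {6, 3};
    printf("in range: %d\n", copy_elts_checked(dst, 8, 4, &ok, src, sizeof src));
    printf("past end: %d\n", copy_elts_checked(dst, 8, 4, &bad, src, sizeof src));
    return 0;
}
```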