A pair of vulnerabilities has been identified in VMware vCenter Server. The vulnerabilities could allow for privilege escalation and remote code execution on the server. The vulnerabilities (CVE-2024-38812 and CVE-2024-38813) have Critical and High CVSSv3.1 scores of 9.8 and 7.5 out of 10, respectively.
Description:
On Tuesday, September 17th, Broadcom released a security update and advisory for VMware vCenter Server versions 7.0 and 8.0 addressing two recently disclosed vulnerabilities. CVE-2024-38812 is a heap-overflow vulnerability that can lead to remote code execution (RCE), while CVE-2024-38813 is a privilege escalation vulnerability that could give an attacker root access to the platform.
The security advisory covers vCenter Server as well as the products that bundle it (such as VMware vSphere and VMware Cloud Foundation). Broadcom states that it is not aware of the vulnerabilities being exploited in the wild, but urges customers to update promptly given their severity.
Affected Versions:
- vCenter Server version 8.0 (prior to 8.0 U3b).
- vCenter Server version 7.0 (prior to 7.0 U3s).
- VMware Cloud Foundation versions 5.x (vCenter Server component prior to 8.0 U3b).
- VMware Cloud Foundation versions 4.x (vCenter Server component prior to 7.0 U3s).
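The following script is an added example for triaging an inventory against the affected-version list above; it is not part of the advisory and is not Broadcom's tooling. It parses vCenter Server version labels of the form "<major>.<minor> U<update><letter>" and reports whether each instance is older than the fixed release on its train (8.0 U3b or 7.0 U3s). It assumes, as in VMware's naming scheme, that update letters sort alphabetically and that a bare "U3" precedes "U3a"; the hostnames and versions in the sample inventory are constructed.

```python
"""Added example (not from the advisory): flag vCenter Server instances whose
version is older than the fixed release named in VMSA-2024-0019.

Assumptions: version labels look like "8.0 U3a"; update letters sort
alphabetically; a bare "U3" is older than "U3a"; a version with no "Ux"
suffix is the GA release and sorts before any update.
"""
import re
from typing import Dict, NamedTuple, Optional

# Fixed releases taken from the advisory, keyed by (major, minor) train.
FIXED_VERSIONS = {
    (8, 0): "8.0 U3b",
    (7, 0): "7.0 U3s",
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?\s*$", re.IGNORECASE)


class VcVersion(NamedTuple):
    major: int
    minor: int
    update: int   # 0 when there is no "Ux" suffix (GA release)
    letter: str   # "" when the update has no letter suffix

    @property
    def key(self):
        # Tuple comparison gives the ordering described in the assumptions.
        return (self.major, self.minor, self.update, self.letter)


def parse_version(label: str) -> VcVersion:
    """Parse a label such as '7.0 U3s' into its comparable components."""
    m = _VERSION_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised vCenter version label: {label!r}")
    major, minor, update, letter = m.groups()
    return VcVersion(int(major), int(minor), int(update or 0), (letter or "").lower())


def is_vulnerable(label: str) -> Optional[bool]:
    """True if older than the fixed release on its train, False if fixed or
    later, None if the train is not covered by the advisory's fixed versions."""
    v = parse_version(label)
    fixed_label = FIXED_VERSIONS.get((v.major, v.minor))
    if fixed_label is None:
        return None
    return v.key < parse_version(fixed_label).key


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: Dict[str, str] = {
    "vc-prod-01": "8.0 U3a",
    "vc-prod-02": "8.0 U3b",
    "vc-lab-01": "7.0 U3",
    "vc-lab-02": "7.0 U3s",
    "vc-old-01": "6.7 U3",
}


def triage(inventory: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map each host to its vulnerability status (True / False / None)."""
    return {host: is_vulnerable(version) for host, version in inventory.items()}


if __name__ == "__main__":
    labels = {True: "UPDATE REQUIRED", False: "patched", None: "train not covered by advisory"}
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:10} {labels[status]}")
```

A version on a train the advisory does not list (for example 6.7) is reported as "not covered" rather than "patched", so those hosts still need to be checked against Broadcom's support matrix by hand.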
Recommendations:
- Ensure vulnerable products are updated to the fixed versions noted above (8.0 U3b or 7.0 U3s).
- If prompt updating is not feasible or runs into issues, refer to Broadcom's security advisory Q&A for assistance: https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
- Ensure automatic updates are enabled for future instances.
References:
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
- https://nvd.nist.gov/vuln/detail/CVE-2024-38812
- https://nvd.nist.gov/vuln/detail/CVE-2024-38813
- https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html