VMware has issued a critical patch for vCenter Server addressing two vulnerabilities, CVE-2024-38812 and CVE-2024-38813. Rated CVSSv3 9.8 and 7.5 respectively, they affect the DCERPC protocol and could lead to remote code execution and privilege escalation.
Vulnerabilities Overview:
1. CVE-2024-38812: Heap-Overflow Vulnerability
- Description: This critical vulnerability affects the DCERPC protocol, enabling a remote attacker with network access to exploit vCenter Server by sending specially crafted packets, potentially leading to remote code execution.
- Attack Vector: Requires network access to vCenter Server, so any attacker positioned on a network that can reach the server (for example, a compromised internal network) can attempt exploitation.
- Resolution: Updated patches have been issued to fully address the flaw, as the initial fixes released in September were found to be incomplete. Affected systems should be updated to the versions listed in the Response Matrix.
2. CVE-2024-38813: Privilege Escalation Vulnerability
- Description: This vulnerability allows attackers to escalate privileges on the vCenter Server, potentially giving them root-level access.
- Attack Vector: Similar to CVE-2024-38812, an attacker with network access could exploit this to gain elevated permissions.
- Resolution: Updated patches for this vulnerability are available. Admins are urged to apply the latest fixes.
Impacted Products and Versions:
- VMware vCenter Server 8.0 U3d
- VMware vCenter Server 8.0 U2e
- VMware vCenter Server 7.0 U3t
- VMware Cloud Foundation 5.x (Async patch)
Patch Availability:
Updated patches addressing these vulnerabilities are now available. To ensure complete protection, administrators are advised to update their systems to the latest versions.
No Workarounds:
VMware has confirmed that no in-product workarounds are viable, emphasizing the importance of patching affected systems immediately.
Additional Information:
For more details, including patch downloads, refer to the VMware Security Advisory Page. A supplementary FAQ and further guidance on the asynchronous patching process for VMware Cloud Foundation can be accessed through VMware’s official documentation.
Administrators should prioritize updating their vCenter Servers and continue to monitor VMware’s security advisories for future updates.