VMSA-2024-0021: Addressing SQL Injection Vulnerability in VMware HCX (CVE-2024-38814)

On October 16, 2024, VMware released a security advisory (VMSA-2024-0021) regarding a high-severity SQL injection vulnerability (CVE-2024-38814) found in VMware HCX, a crucial component for hybrid cloud extension solutions. This vulnerability, which could lead to unauthorized remote code execution, has a CVSSv3 base score of 8.8, emphasizing the importance of applying the recommended patches as soon as possible.

Summary of the Vulnerability

An authenticated SQL injection flaw was reported in VMware HCX. A malicious user with non-administrative privileges could inject specially crafted SQL commands, potentially achieving remote code execution on the HCX Manager. Given the nature of this vulnerability, VMware categorizes it as critical, so swift action to mitigate the risk is important.

Impacted VMware HCX Versions and Resolution

The following VMware HCX versions are affected:

  • VMware HCX 4.10.x – Fixed in version 4.10.1
  • VMware HCX 4.9.x – Fixed in version 4.9.2
  • VMware HCX 4.8.x – Fixed in version 4.8.3

There are no known workarounds for this vulnerability, making it imperative for administrators to apply the available patches. You can find the patches and update documentation for each version below:
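Since there is no workaround, the practical first step is knowing which HCX Manager appliances in your estate are still below the fixed version. The script below is an added example, not code from VMware or from this post: it compares inventory versions (the hostnames and version strings are constructed sample data) against the fixed versions named in the advisory, using numeric comparison so that 4.10.1 correctly sorts above 4.9.2, and refuses to guess for branches the advisory does not list.

```python
# Added example (not from VMSA-2024-0021 or the blog post): triage HCX Manager
# versions from an inventory against the fixed versions named in the advisory.
# Versions are compared as integer tuples; a plain string comparison would put
# "4.10.1" below "4.9.2" and misreport a patched appliance.

# Fixed versions exactly as stated in the advisory, keyed by affected branch.
FIXED_VERSIONS = {
    (4, 10): (4, 10, 1),
    (4, 9): (4, 9, 2),
    (4, 8): (4, 8, 3),
}


def parse_version(text):
    """Turn '4.10.1' into (4, 10, 1); reject anything that is not dotted integers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"unexpected HCX version format: {text!r}")
    # Pad to three components so a bare '4.9' compares as 4.9.0.
    return parts + (0,) * (3 - len(parts)) if len(parts) < 3 else parts


def assess(version_text):
    """Return (status, fixed_version_or_None) for one HCX Manager version."""
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory: do not guess, flag for manual review.
        return ("not listed in VMSA-2024-0021", None)
    fixed_text = ".".join(map(str, fixed))
    if version < fixed:
        return ("vulnerable", fixed_text)
    return ("fixed", fixed_text)


def triage(inventory):
    """inventory: {hostname: version string} -> {hostname: (status, target fix)}."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = {
    "hcx-mgr-01": "4.10.0",
    "hcx-mgr-02": "4.10.1",
    "hcx-mgr-03": "4.9.1",
    "hcx-mgr-04": "4.8.3",
    "hcx-mgr-05": "4.7.2",
}

if __name__ == "__main__":
    for host, (status, fix) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" (target {fix})" if fix else ""))
```

Feed it the versions reported by your HCX Manager appliances and patch every host marked vulnerable to the listed target; hosts marked "not listed" need a manual check against the advisory rather than an assumption either way.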

Additional Resources and Support

To stay informed about VMware’s ongoing security efforts and advisories, you can refer to the following resources:

For further inquiries or to report a security issue, contact VMware’s Product Security Response Team at vmware.psirt@broadcom.com.

🚨Read my blog: https://angrysysops.com/