Sep 18, 2024 | Ravie Lakshmanan | Virtualization / Network Security
Broadcom has recently released updates to patch a critical security vulnerability in VMware vCenter Server that could open the door to remote code execution.
The vulnerability, identified as CVE-2024-38812 with a CVSS score of 9.8, is a heap-overflow vulnerability in the implementation of the DCE/RPC protocol.
According to Broadcom, “A malicious actor with network access to vCenter Server may exploit this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.”
This vulnerability shares similarities with two other remote code execution flaws, namely CVE-2024-37079 and CVE-2024-37080, which VMware addressed earlier in June 2024.
Additionally, VMware has fixed a privilege escalation flaw in vCenter Server (CVE-2024-38813, CVSS score: 7.5) that could allow a malicious actor to escalate privileges to root by sending a specially crafted network packet.
The flaws were discovered by security researchers zbl and srs of team TZL during the Matrix Cup cybersecurity competition in China in June 2024. These vulnerabilities have been patched in the following versions:
- vCenter Server 8.0 (Fixed in 8.0 U3b)
- vCenter Server 7.0 (Fixed in 7.0 U3s)
- VMware Cloud Foundation 5.x (Fixed in 8.0 U3b as an asynchronous patch)
- VMware Cloud Foundation 4.x (Fixed in 7.0 U3s as an asynchronous patch)
Broadcom emphasized that while there have been no reported malicious exploits leveraging these vulnerabilities, customers should update their installations to the latest versions to mitigate potential risks.
“These vulnerabilities involve memory management and corruption issues that could be exploited against VMware vCenter services, potentially leading to remote code execution,” the company explained.
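As an added example (not from the article or from Broadcom), the fixed-release list above can be turned into an inventory check. It assumes vCenter Server labels of the form `8.0 U3b` that order by update number and then by letter; the hostnames are constructed.

```python
import re

# Fixed releases as listed in the article, keyed by vCenter Server release line.
# Cloud Foundation 5.x / 4.x map onto the 8.0 / 7.0 vCenter lines respectively.
FIXED = {"8.0": "U3b", "7.0": "U3s"}

_LABEL = re.compile(r"^\s*(\d+\.\d+)\s*(?:U(\d+)([a-z]?))?\s*$", re.IGNORECASE)

def parse_label(label):
    """Split '8.0 U3b' into ('8.0', (3, 'b')); a bare '8.0' is update 0."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    line, update, letter = m.groups()
    return line, (int(update or 0), (letter or "").lower())

def status(label):
    """Return 'patched', 'vulnerable' or 'unknown' for one vCenter label."""
    try:
        line, level = parse_label(label)
    except ValueError:
        return "unknown"  # e.g. a raw build number; check it by hand
    fixed = FIXED.get(line)
    if fixed is None:
        return "unknown"  # release line not covered by the article's list
    _, fixed_level = parse_label(f"{line} {fixed}")
    # Assumption: labels sort by update number, then by letter suffix.
    return "patched" if level >= fixed_level else "vulnerable"

def audit(inventory):
    """Map each host in {host: label} to its status."""
    return {host: status(label) for host, label in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory, not real systems.
    sample = {
        "vc-prod-01.example.internal": "8.0 U3b",
        "vc-prod-02.example.internal": "8.0 U2d",
        "vc-lab-01.example.internal": "7.0 U3r",
        "vc-old-01.example.internal": "6.7 U3",
    }
    for host, result in audit(sample).items():
        print(f"{host:32} {sample[host]:10} {result}")
```

Hosts reported as `unknown` fall outside the article's list and need manual review rather than being treated as safe.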
In related news, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory urging organizations to address cross-site scripting (XSS) vulnerabilities that could be exploited by threat actors to compromise systems.
“Cross-site scripting vulnerabilities occur when manufacturers fail to properly validate, sanitize, or escape inputs, allowing threat actors to inject malicious scripts into web applications, enabling them to manipulate, steal, or misuse data across different contexts,” the advisory stated.