Broadcom Releases Patch for vCenter Server Multiple Vulnerabilities (CVE-2024-38812 & CVE-2024-38813)

Posted by Author Diksha Ojha on Posted on

VMware vCenter is vulnerable to two security vulnerabilities, tracked as CVE-2024-38812 & CVE-2024-38813. One vulnerability (CVE-2024-38812) has been given a critical severity rating that may allow an attacker to perform remote code execution. The second vulnerability (CVE-2024-38812) may result in privilege escalation.

VMware vCenter is an advanced server management software. The software has a centralized platform for controlling vSphere environments for visibility across hybrid clouds. The software protects the vCenter Server Appliance and related services with native high availability (HA) and a recovery time objective of less than 10 minutes.

VMware vCenter Server Heap-overflow Vulnerability (CVE-2024-38812)

The heap overflow vulnerability in the implementation of the DCERPC protocol has a critical severity rating with a CVSSv3 base score of 9.8. An attacker must have network access to the vCenter Server to exploit the vulnerability. An attacker may exploit this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.

VMware vCenter Privilege Escalation Vulnerability (CVE-2024-38813)

The privilege escalation vulnerability has an important severity rating with a CVSSv3 base score of 7.5. An attacker must have network access to the vCenter Server to exploit the vulnerability. An attacker may exploit this vulnerability by sending a specially crafted network packet to escalate privileges to root.

Affected Products

  • VMware vCenter Server
  • VMware Cloud Foundation

Affected Versions

  • VMware vCenter Server Virtual Appliance 7.0 Update 3s before build 24201990
  • VMware vCenter Server Virtual Appliance 8.0 Update 3b before build 24262322

Mitigation

  • VMware vCenter Server 8.0 U3b
  • VMware vCenter Server 7.0 U3s

For more information about the mitigation, please refer to Broadcom Security Advisory (VMSA-2024-0019).

Qualys Detection

Qualys customers can scan their devices with QID 216334 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

Leave a Reply

Your email address will not be published. Required fields are marked *