CVE-2024-38812: Critical Threat to Virtual Infrastructure

Broadcom has released updates to address a critical vulnerability in VMware vCenter Server that could result in remote code execution. The vulnerability, tracked as CVE-2024-38812 with a CVSS score of 9.8, is a heap-based buffer overflow in vCenter Server's implementation of the DCE/RPC protocol.

According to Broadcom, an attacker with network access to vCenter Server can trigger the vulnerability by sending a specially crafted network packet, potentially achieving remote code execution on the vCenter Server.

This vulnerability is similar to two other remote code execution vulnerabilities, CVE-2024-37079 and CVE-2024-37080, heap overflows in the same DCE/RPC implementation that were patched in June 2024. Those vulnerabilities also scored 9.8 on the CVSS scale.

Furthermore, a privilege escalation vulnerability with a CVSS score of 7.5, tracked as CVE-2024-38813, has also been fixed. It allows an attacker with network access to vCenter Server to escalate privileges to root by sending a specially crafted network packet.

Both vulnerabilities were discovered by security researchers from the TZL team during the Matrix Cup cybersecurity competition held in China in June 2024.

The patches are available for the following versions:

  • vCenter Server 8.0 (fixed in 8.0 U3b)
  • vCenter Server 7.0 (fixed in 7.0 U3s)
  • VMware Cloud Foundation 5.x (fixed by updating the vCenter Server component to 8.0 U3b)
  • VMware Cloud Foundation 4.x (fixed by updating the vCenter Server component to 7.0 U3s)
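As an added example, not code from Broadcom or from this article, the following Python script turns the fix list above into a quick inventory check: it parses vCenter release labels of the form "8.0 U3b" or "7.0 Update 3s" (an assumed input format, the label an operator reads off the release notes or the vSphere Client "About" dialog) and reports whether each host is at or past the fixed release for its line. The hostnames and labels in the sample inventory are constructed for the example. Build numbers in the release notes remain the authoritative identifier; this check only orders the update labels the advisory itself uses.

```python
import re
from typing import NamedTuple

# Minimum fixed release per vCenter Server line, as listed in the advisory summary above.
# Release labels are compared as (update number, suffix letter): U3 < U3a < U3b < U4.
FIXED_RELEASES = {
    "8.0": "U3b",  # also the target for VMware Cloud Foundation 5.x
    "7.0": "U3s",  # also the target for VMware Cloud Foundation 4.x
}

# Accepts labels such as "8.0 U3b", "7.0 Update 3s" or "8.0 U3" (no suffix letter).
# Assumption (not from the page): this is the label format the operator types in.
_LABEL_RE = re.compile(r"^\s*(\d+\.\d+)\s*(?:U|Update\s*)(\d+)([a-z])?\s*$", re.IGNORECASE)


class Release(NamedTuple):
    line: str    # "8.0" or "7.0"
    update: int  # 3 for "U3b"
    suffix: str  # "b" for "U3b", "" for a bare "U3"


def parse_release(label: str) -> Release:
    """Parse a vCenter release label into a comparable tuple."""
    m = _LABEL_RE.match(label)
    if m is None:
        raise ValueError(f"unrecognised vCenter release label: {label!r}")
    return Release(m.group(1), int(m.group(2)), (m.group(3) or "").lower())


def is_patched(label: str) -> bool:
    """True if `label` is at or after the fixed release for its 8.0/7.0 line.

    Raises ValueError for lines the advisory does not list (e.g. 6.x), so that
    an unknown line is never silently reported as safe.
    """
    rel = parse_release(label)
    fixed = FIXED_RELEASES.get(rel.line)
    if fixed is None:
        raise ValueError(f"no fix listed for vCenter Server {rel.line}; treat as unpatched")
    floor = parse_release(f"{rel.line} {fixed}")
    # Tuples compare element-wise; "" < "a" < "b", so U3 < U3a < U3b, and U4 beats any U3x.
    return (rel.update, rel.suffix) >= (floor.update, floor.suffix)


def triage(inventory: dict) -> dict:
    """Map hostname -> 'patched' / 'UNPATCHED' / 'UNKNOWN (<reason>)'."""
    result = {}
    for host, label in inventory.items():
        try:
            result[host] = "patched" if is_patched(label) else "UNPATCHED"
        except ValueError as exc:
            result[host] = f"UNKNOWN ({exc})"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and labels are made up for the example).
    sample = {
        "vc-prod-01.example.internal": "8.0 U3b",
        "vc-prod-02.example.internal": "8.0 U3a",
        "vc-legacy.example.internal": "7.0 Update 3r",
        "vc-lab.example.internal": "6.7 U3",
    }
    for host, status in triage(sample).items():
        print(f"{host:32} {status}")
```

Hosts on a line the advisory does not list (such as 6.7 in the sample) are deliberately reported as UNKNOWN rather than patched, since no fix exists for them in this advisory; treat them as exposed and plan an upgrade to a supported line.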

Broadcom stressed that, although there was no evidence of in-the-wild exploitation at the time of the advisory, users are strongly advised to update their systems to mitigate the risk of potential attacks.

The vulnerability stems from a memory management error in the DCE/RPC handling code, which offers a remote code execution path while the affected vCenter Server services are running and reachable over the network.

These developments coincide with a joint advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency
