Critical Remote Code Execution Vulnerability in VMware vCenter Server (CVE-2024-38812)
Summary
| Item | Value |
|---|---|
| OEM | VMware |
| Severity | Critical |
| Date of Announcement | 2024-10-23 |
| CVSS Score | 9.8 |
| CVE | CVE-2024-38812, CVE-2024-38813 |
| Exploited in Wild | Yes |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
Critical vulnerabilities have been identified in the vCenter Server that require immediate action. A heap overflow vulnerability in the DCE/RPC protocol could allow a malicious actor with network access to execute remote code by sending specially crafted packets. Additionally, there is a privilege escalation vulnerability that enables an attacker to escalate privileges to root using a similar method. Both vulnerabilities pose significant risks, and it is essential to implement remediation measures promptly to protect your vCenter Server and associated assets.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| VMware vCenter Server heap-overflow vulnerability | CVE-2024-38812 | VMware vCenter Server and VMware Cloud Foundation | Critical | 7.0 U3t, 8.0 U3d and U2e (vCenter Server); Async Patch for VMware Cloud Foundation |
| VMware vCenter privilege escalation vulnerability | CVE-2024-38813 | VMware vCenter Server and VMware Cloud Foundation | Critical | 7.0 U3t, 8.0 U3d and U2e (vCenter Server) |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2024-38812 | VMware vCenter Server 7.0 and 8.0, VMware Cloud Foundation 4.x and 5.x | The critical vulnerability is caused by a heap overflow in vCenter Server's DCE/RPC protocol implementation. It allows an unauthenticated attacker with network access to remotely execute arbitrary code without user interaction. | Remote code execution. |
| CVE-2024-38813 | VMware vCenter Server 7.0 and 8.0, VMware Cloud Foundation 4.x and 5.x | A privilege escalation vulnerability in VMware vCenter Server that allows an attacker with network access to escalate privileges to root by exploiting an improper permission management flaw. By sending specially crafted network packets, a malicious actor can completely take over the target. | Full administrative control. |
Recommendations
Administrators are strongly advised to update their VMware vCenter Server to the latest available versions:
- vCenter Server 7.0 U3t
- vCenter Server 8.0 U3d and U2e
- VMware Cloud Foundation (Async Patching available).
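A quick way to triage an inventory against the fixed versions listed above is to compare version designations per update line, since the fix for 8.0 exists on both the U3 and U2 lines while 7.0 is fixed only on U3. The script below is an added example, not VMware tooling: the fixed-version strings come from this advisory, the inventory entries are constructed, and the comparison is by designation (release, update number, patch letter), which is an assumption; confirm against the vendor's build-number mapping before closing a finding.

```python
"""Triage vCenter Server version designations against the fixed versions
listed for CVE-2024-38812 / CVE-2024-38813.

Added example, not VMware's tooling. Compares designations such as "8.0 U3c"
by release, update line and patch letter; the fixed versions are the ones
in the advisory, everything else (inventory, hostnames) is constructed.
"""
import re
from typing import Dict, NamedTuple, Optional

# Fixed versions as listed in the advisory, keyed by (release, update line).
FIXED_VERSIONS = {
    ("7.0", 3): "t",   # vCenter Server 7.0 U3t
    ("8.0", 3): "d",   # vCenter Server 8.0 U3d
    ("8.0", 2): "e",   # vCenter Server 8.0 U2e
}
AFFECTED_RELEASES = {release for release, _ in FIXED_VERSIONS}

# Matches "7.0 U3t", "8.0 U2", "8.0 u3c" (patch letter optional).
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+)\s+U(\d+)([a-z]?)\s*$", re.IGNORECASE)


class VCenterVersion(NamedTuple):
    release: str   # "7.0" or "8.0"
    update: int    # 3 for "U3"
    patch: str     # patch letter, "" for the base update release


def parse_version(text: str) -> VCenterVersion:
    """Parse a designation like '8.0 U3c'; raise ValueError on anything else."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version designation: {text!r}")
    return VCenterVersion(m.group(1), int(m.group(2)), m.group(3).lower())


def is_patched(text: str) -> Optional[bool]:
    """True if the designation is at or after the fixed release on its update
    line, False if it is earlier or its update line has no listed fix, and
    None if the release train is not in the advisory table at all."""
    v = parse_version(text)
    if v.release not in AFFECTED_RELEASES:
        return None
    fixed_patch = FIXED_VERSIONS.get((v.release, v.update))
    if fixed_patch is None:
        # Affected release train, but no fixed build on this update line
        # (e.g. 8.0 U1x): treat as unpatched; it must move to a fixed line.
        return False
    # Within one update line the base release ("") sorts before "a" < "b" < ...
    return v.patch >= fixed_patch


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'patched', 'UNPATCHED' or 'not in advisory table'."""
    labels = {True: "patched", False: "UNPATCHED", None: "not in advisory table"}
    return {host: labels[is_patched(version)] for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration.
    sample = {
        "vc-prod-01": "8.0 U3c",
        "vc-prod-02": "8.0 U3d",
        "vc-dr-01": "8.0 U2e",
        "vc-lab-01": "7.0 U3s",
        "vc-legacy": "6.7 U3",
    }
    for host, status in triage(sample).items():
        print(f"{host:12} {sample[host]:8} {status}")
```

The function returns `None` rather than `False` for release trains the advisory table does not cover, so those hosts surface for manual review instead of being silently counted as either patched or vulnerable.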
Restrict network access to vCenter Server by configuring firewalls to allow access only from trusted IP addresses.
Monitor for Indicators of Compromise (IoCs): Security teams should monitor logs and network traffic for unusual activity, including unexpected traffic to or from the vCenter Server.
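The two recommendations above share one input: the list of trusted networks that the firewall allows to reach vCenter is also the baseline against which "unexpected traffic to or from the vCenter Server" can be measured. The script below is an added example, not part of the advisory: it reads flow records in a constructed NetFlow-like CSV layout and flags any flow where vCenter talks to a peer outside the trusted networks, in either direction. The vCenter address, the trusted networks and the sample flows are all constructed values to be replaced with your own.

```python
"""Flag flows between a vCenter Server and peers outside a trusted allowlist.

Added example, not from the advisory. The vCenter address, trusted networks
and flow records are constructed for illustration; feed real flow exports in
the same src,dst,proto,dport,bytes layout.
"""
import csv
import io
import ipaddress
from typing import Dict, Iterable, List, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed values: the vCenter management address and the networks that the
# firewall allowlist permits to reach it (the same list the firewall rules use).
VCENTER_IP: IPAddress = ipaddress.ip_address("10.0.50.10")
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.10.0/24"),   # admin jump hosts
    ipaddress.ip_network("10.0.20.0/24"),   # backup and monitoring servers
]

# Constructed flow records; the third and fifth lines should be flagged.
SAMPLE_FLOWS = """\
src,dst,proto,dport,bytes
10.0.10.15,10.0.50.10,tcp,443,48120
10.0.20.7,10.0.50.10,tcp,443,9022
192.168.77.3,10.0.50.10,tcp,443,1200
10.0.10.15,10.0.50.10,tcp,22,2100
10.0.50.10,198.51.100.9,tcp,443,700
"""


def is_trusted(ip: IPAddress) -> bool:
    """True if the address falls inside one of the allowlisted networks."""
    return any(ip in net for net in TRUSTED_NETWORKS)


def parse_flows(text: str) -> List[Dict[str, str]]:
    """Parse CSV flow records into dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def find_unexpected_flows(records: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return flows involving vCenter and an untrusted peer.

    Both directions are checked, because an inbound connection from an
    untrusted source and an outbound connection from vCenter to an untrusted
    destination are both "unexpected traffic to or from the server".
    """
    flagged = []
    for rec in records:
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if dst == VCENTER_IP and not is_trusted(src):
            flagged.append({**rec, "reason": "untrusted source to vCenter"})
        elif src == VCENTER_IP and not is_trusted(dst):
            flagged.append({**rec, "reason": "vCenter to untrusted destination"})
    return flagged


if __name__ == "__main__":
    for hit in find_unexpected_flows(parse_flows(SAMPLE_FLOWS)):
        print(f"{hit['src']:>15} -> {hit['dst']:<15} {hit['proto']}/{hit['dport']}  {hit['reason']}")
```

Keeping `TRUSTED_NETWORKS` as the single source for both the firewall policy and the detection baseline means a host that is allowed through the firewall is never flagged as unexpected, and anything flagged is by definition something the firewall should have blocked, which makes each hit worth investigating.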