Broadcom on Tuesday released updates to address a critical security flaw affecting VMware vCenter Server that could open the way for remote code execution.
The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap overflow vulnerability in the DCE/RPC protocol.
“An attacker with network access to vCenter Server could cause this vulnerability by sending a specially crafted network packet that could potentially lead to remote code execution,” the virtualization services provider said in the bulletin.
The flaw is similar to two other remote code execution flaws, CVE-2024-37079 and CVE-2024-37080 (CVSS scores: 9.8), that VMware resolved in vCenter Server in June 2024.
VMware also addressed an elevation of privilege flaw in vCenter Server (CVE-2024-38813, CVSS score: 7.5), which could allow a malicious actor with network access to an instance to elevate privileges to root by sending a specially crafted network packet.
Security researchers zbl and srs from the TZL team are credited with discovering and reporting the two flaws during The Matrix Cup cybersecurity competition held in China in June 2024. The flaws have been fixed in the following versions:
- vCenter Server 8.0 (fixed in 8.0 U3b)
- vCenter Server 7.0 (fixed in 7.0 U3s)
- VMware Cloud Foundation 5.x (fixed in 8.0 U3b as an asynchronous patch)
- VMware Cloud Foundation 4.x (fixed in 7.0 U3s as an asynchronous patch)
Broadcom said it was not aware of any malicious use of the two vulnerabilities, but urged customers to update their installations to the latest versions to guard against potential threats.
“These vulnerabilities are memory management and corruption issues that could be exploited against VMware vCenter services, potentially allowing remote code execution,” the company said in a statement.
The development comes after the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory urging organizations to work to address cross-site scripting (XSS) vulnerabilities that threat actors can use to compromise systems.
“Cross-site scripting vulnerabilities occur when manufacturers fail to properly handle, sanitize, or avoid introductions,” the authorities said. “These flaws allow threat actors to inject malicious scripts into web applications, using them to manipulate, steal, or misuse data in a variety of contexts.”