ALERT: Update VMware vCenter Server for critical vulnerabilities

09/18/2024
computer with warning

Affected VMware servers and components should be updated as soon as possible after appropriate testing.

Summary

VMware has released updates to address critical vulnerabilities in VMware vCenter Server and VMware Cloud Foundation that could lead to possible remote code execution (CVE-2024-38812) and escalation of privileges to root (CVE-2024-38813). Affected VMware servers and components should be updated as soon as possible after appropriate testing.

Problem

The critical vulnerabilities in VMware vCenter Server can be exploited to enable a threat actor with network access to vCenter Server to send a specially crafted network packet to:

  • Trigger a vulnerability to potentially lead to remote code execution.
  • Escalate privileges to root.

Threats

At the time of publication for this Alert, IA is not aware of active exploitation.

Affected Versions

Any version of vCenter Server or VMware Cloud Foundation prior to fixed versions 8.0 U3b and 7.0 U3s, as listed in the Response Matrix in VMSA-2024-0019.

Action Items

Update vCenter Server as soon as possible after appropriate testing. Because of the severity of this vulnerability, the need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21). Links to updates and additional information can be found in VMSA-2024-0019.

Technical Details

According to Broadcom, these vulnerabilities are memory management and corruption issues which can be used against VMware vCenter services, potentially allowing remote code execution. CVE-2024-38812 contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.