VMware vCenter Server RCE vulnerability patched by Broadcom
Researchers find a critical vulnerability affecting multiple VMware products
VMware vCenter Server, Broadcom’s central management hub for the VMware vSphere suite, had a critical-severity vulnerability that allowed threat actors to remotely execute malicious code on unpatched servers.
The exploit involves a low-complexity attack that can be pulled off without victim interaction. VMware vSphere is a virtualization platform that allows admins to create and manage virtual machines and computing resources in a data center.
Its central management hub, vCenter Server, was vulnerable to a heap-overflow bug in the implementation of the DCERPC protocol, a flaw that is now tracked as CVE-2024-38812. It was given a severity score of 9.8/10 (critical), and was recently patched.
Patches and workarounds
Besides vCenter Server, VMware Cloud Foundation was reportedly vulnerable to the same bug. VMware Cloud Foundation is an integrated software platform that combines VMware's compute, storage, and network virtualization products with management and automation tools to create a unified hybrid cloud infrastructure.
The bug was discovered by cybersecurity researchers TZL, during China’s 2024 Matrix Cup hacking contest. As per the researchers, a malicious actor could theoretically send a specially crafted network packet, which could lead to remote code execution.
Broadcom, VMware’s parent company, recently released a fix and is urging users to apply it immediately.
"To ensure full protection for yourself and your organization, install one of the update versions listed in the VMware Security Advisory," the company said. "While other mitigations may be available depending on your organization's security posture, defense-in-depth strategies, and firewall configurations, each organization must evaluate the adequacy of these protections independently."
If applying the patch is not an option right now, make sure you tightly control network perimeter access to vSphere management components and interfaces. The good news is that there is no evidence of in-the-wild abuse yet. However, now that the news is out, it is only a matter of time before hackers start scanning for vulnerable endpoints.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.