VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

Oct 22, 2024 | Ravie Lakshmanan | Vulnerability / Enterprise Security

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution.

The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a heap-overflow vulnerability in the implementation of the DCE/RPC protocol.

“A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution,” the Broadcom-owned virtualization services provider said.

The flaw was originally reported by zbl and srs of team TZL at the Matrix Cup cybersecurity competition held in China earlier this year.

“VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812,” the company noted.

Patches for the flaw are available in the following vCenter Server versions –

  • 8.0 U3d
  • 8.0 U2e, and
  • 7.0 U3t

It is also available as an asynchronous patch for VMware Cloud Foundation versions 5.x, 5.1.x, and 4.x. There are no known mitigations.

While there is no evidence that the vulnerability has ever been exploited in the wild, users are advised to update to the latest versions to safeguard against potential threats.

In July 2021, China passed a law that requires vulnerabilities discovered by researchers in the country to be promptly disclosed to the government and the product’s manufacturer, raising concerns that it could help nation-state adversaries stockpile zero-days and weaponize them to their advantage.
