VMware has launched one other safety replace for CVE-2024-38812, a essential VMware vCenter Server distant code execution vulnerability that was not accurately mounted within the first patch from September 2024.
The flaw is rated essential (CVSS v3.1 rating: 9.8) and stems from a heap overflow weak spot in vCenter’s DCE/RPC protocol implementation, impacting the vCenter Server and any merchandise incorporating it, corresponding to vSphere and Cloud Basis.
The flaw doesn’t require person interplay for exploitation, as distant code execution is triggered when a specifically crafted community packet is acquired.
The vulnerability was found and utilized by TZL safety researchers throughout China’s 2024 Matrix Cup hacking contest. The researchers additionally disclosed CVE-2024-38813, a high-severity privilege escalation flaw additionally impacting VMware vCenter.
In an replace of its safety advisory on these two vulnerabilities, VMware says that new patches needed to be issued for vCenter 7.0.3, 8.0.2, and eight.0.3, because the earlier fixes didn’t accurately repair the RCE flaw.
“VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812,” reads the up to date safety advisory.
“All customers are strongly encouraged to apply the patches currently listed in the Response Matrix.”
The most recent safety updates can be found on VMware vCenter Server 8.0 U3d, 8.0 U2e, and seven.0 U3t.
Older product variations previous their end-of-support dates, such because the vSphere 6.5 and 6.7, are confirmed as impacted however won’t obtain safety updates.
No workarounds can be found for both flaw, so impacted customers are really useful to use the newest updates as quickly as attainable.
VMware notes it has not acquired any studies or noticed exploitation of the stated flaws within the wild as of but.
For extra info, try this Q&A revealed as a companion to the bulletin to assist make clear some factors.
These new safety updates needs to be utilized as quickly as attainable, as menace actors generally goal VMware vCenter flaws to raise privileges or achieve entry to digital machines.
At the beginning of the yr, Mandiant disclosed that Chinese language state-sponsored hackers tracked as UNC3886 exploited CVE-2023-34048, a essential vulnerability in vCenter Server, as a zero-day to backdoor VMware ESXi digital machines.
