Broadcom has fastened a crucial VMware vCenter Server vulnerability that attackers can exploit to achieve distant code execution on unpatched servers by way of a community packet.
vCenter Server is the central administration hub for VMware’s vSphere suite, serving to directors handle and monitor virtualized infrastructure.
The vulnerability (CVE-2024-38812), reported by TZL safety researchers throughout China’s 2024 Matrix Cup hacking contest, is attributable to a heap overflow weak point in vCenter’s DCE/RPC protocol implementation. It additionally impacts merchandise containing vCenter, together with VMware vSphere and VMware Cloud Basis.
Unauthenticated attackers can exploit it remotely in low-complexity assaults that do not require person interplay “by sending a specially crafted network packet potentially leading to remote code execution.”
Safety patches addressing this vulnerability at the moment are accessible via the usual vCenter Server replace mechanisms.
“To ensure full protection for yourself and your organization, install one of the update versions listed in the VMware Security Advisory,” the corporate stated.
“While other mitigations may be available depending on your organization’s security posture, defense-in-depth strategies, and firewall configurations, each organization must evaluate the adequacy of these protections independently.”
Not exploited in assaults
Broadcom says it has not discovered proof that the CVE-2023-34048 RCE bug is presently exploited in assaults.
Admins who’re unable to instantly apply at present’s safety updates ought to strictly management community perimeter entry to vSphere administration parts and interfaces, together with storage and community parts, as an official workaround for this vulnerability is unavailable.
In the present day, the corporate additionally patched a high-severity privilege escalation vulnerability (CVE-2024-38813) that risk actors can leverage to achieve root privileges on susceptible servers by way of a specifically crafted community packet.
In June, it fastened the same vCenter Server distant code execution vulnerability (CVE-2024-37079) that may be exploited by way of specifically crafted packets.
In January, Broadcom disclosed {that a} Chinese language hacking group has been exploiting a crucial vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at the very least late 2021.
The risk group (tracked as UNC3886 by safety agency Mandiant) used it to breach susceptible vCenter servers to deploy VirtualPita and VirtualPie backdoors on ESXi hosts by way of maliciously crafted vSphere Set up Bundles (VIBs).
