
VMware vCenter Server Faces Critical Security Vulnerabilities

VMware has found critical security holes (CVE-2024-37079 & CVE-2024-37080) in vCenter Server that could grant attackers full control.


VMware, a subsidiary of Broadcom, has disclosed security flaws in its vCenter Server, the central component that manages virtual machines and hosts in the company's Cloud Foundation and vSphere platforms. Identified as CVE-2024-37079 and CVE-2024-37080, both vulnerabilities carry a CVSS v3 base score of 9.8, placing them in the critical range.

Technical Insights on the Flaws

The vulnerabilities are heap-overflow flaws in vCenter Server's implementation of the DCE/RPC protocol, a mechanism that lets a program invoke procedures on a remote host as though they were local. A threat actor with network access to vCenter Server could send specially crafted packets that trigger the overflow and achieve remote code execution, which would grant unauthorized control over both the vCenter Server and the virtual infrastructure it manages.

VMware has rolled out patches addressing these vulnerabilities in recent releases of vCenter Server and Cloud Foundation. There is, however, an unaddressed risk for outdated versions, specifically vSphere 6.5 and 6.7, which have been out of general support since October 2022. Users still running these versions may remain vulnerable because they will not receive the fixes.

Disclosure of Additional Vulnerability

Another flaw, CVE-2024-37081, with a CVSS score of 7.8, has also been revealed. This issue is related to local privilege escalation due to a sudo misconfiguration, which could allow a local, non-administrative user to gain root access on vCenter Server Appliance.

The mentioned vulnerabilities were reported by Matei “Mal” Badanoiu from Deloitte Romania. VMware has expressed appreciation for his findings and has highlighted the critical need for users to apply the available patches without delay. Currently, there are no known instances of these vulnerabilities being exploited in real-world scenarios.

Security Advisory and Mitigation Measures

VMware has issued a security advisory, VMSA-2024-0012, that provides a comprehensive overview of the vulnerabilities. This advisory includes a response matrix detailing the affected product versions, their severity, and links to relevant patches and documentation.

Multiple versions of vCenter Server and Cloud Foundation are impacted by these vulnerabilities. The advisory's response matrix offers a clear overview of the necessary updates and affected products.

Administrators can verify that the patch has been applied by opening the Appliance Shell and using the software-packages utility to list installed updates. The vCenter Server Appliance Management Interface (VAMI) can also be used to check update status and confirm that the appliance is functioning properly.
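The check described above can be scripted once the installed version has been read from the Appliance Shell or the VAMI. The following POSIX shell script is an added example, not part of the article or of VMware's tooling: it compares a dotted vCenter version string against the minimum fixed version taken from the advisory's response matrix and flags the 6.5 and 6.7 lines, which the article notes are unsupported and receive no fix. All version strings in it are constructed placeholders, not the real fixed builds from VMSA-2024-0012; substitute the values from the advisory.

```shell
#!/bin/sh
# Added example (not from the article or VMware): decide whether an installed
# vCenter Server version meets the minimum fixed version from the advisory's
# response matrix. Version strings used here are constructed placeholders.

# Strip leading zeros so a component such as "00300" compares as 300.
# (Plain $((...)) in POSIX sh may treat a leading zero as octal, so sed is used.)
numeric() {
  n=$(printf '%s' "$1" | sed 's/^0*//')
  printf '%s' "${n:-0}"
}

# version_ge INSTALLED REQUIRED -> exit 0 if INSTALLED >= REQUIRED.
# Versions are dotted strings of any length; missing components count as 0.
version_ge() {
  i=1
  while :; do
    # A trailing dot guarantees a delimiter, so cut never echoes the whole string.
    a=$(printf '%s.' "$1" | cut -d. -f"$i")
    b=$(printf '%s.' "$2" | cut -d. -f"$i")
    # Both exhausted: the versions are equal.
    [ -z "$a" ] && [ -z "$b" ] && return 0
    a=$(numeric "$a")
    b=$(numeric "$b")
    [ "$a" -gt "$b" ] && return 0
    [ "$a" -lt "$b" ] && return 1
    i=$((i + 1))
  done
}

# is_unsupported VERSION -> exit 0 for the vSphere 6.5 / 6.7 lines, which the
# article reports as out of general support since October 2022 with no fix.
is_unsupported() {
  case "$1" in
    6.5|6.5.*|6.7|6.7.*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_vcenter INSTALLED REQUIRED -> prints patched, UNPATCHED or UNSUPPORTED.
check_vcenter() {
  if is_unsupported "$1"; then
    echo "UNSUPPORTED"
  elif version_ge "$1" "$2"; then
    echo "patched"
  else
    echo "UNPATCHED"
  fi
}

# Constructed sample run (placeholder versions, not the advisory's real builds).
check_vcenter "8.0.2.00300" "8.0.2.00200"   # patched
check_vcenter "7.0.3.01700" "7.0.3.01800"   # UNPATCHED
check_vcenter "6.7.0.54000" "7.0.3.01800"   # UNSUPPORTED
```

The version is read outside the script (for example from the Appliance Shell or the VAMI Update page) and passed in as the first argument; the second argument is the fixed version for the matching release line from the advisory's response matrix. Comparing component by component rather than as strings matters because VMware build components carry leading zeros.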

Source: Broadcom

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.