
Warning: Critical Vulnerabilities In VMware vCenter

Reference: Advisory #2024-91
Version: 1.0
Affected software: VMware vCenter
Type: Remote Code Execution (RCE), Privilege Escalation
CVE/CVSS:
  • CVE-2024-37079: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • CVE-2024-37080: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • CVE-2024-37081: CVSS 7.8 HIGH (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Risks

Multiple heap-overflow vulnerabilities in VMware vCenter Server were found. A malicious actor with network access may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution.

A privilege escalation vulnerability in vCenter Server was found. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on a vCenter Server Appliance.

The Centre for Cybersecurity Belgium (CCB) recommends that system administrators patch vulnerable systems as soon as possible and follow the additional measures recommended by the vendor. Analyse system and network logs for any suspicious activity. This report contains instructions to help your organisation.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

Description

Multiple heap-overflow and privilege escalation vulnerabilities in vCenter Server were found:

  • Heap-overflow vulnerabilities in the implementation of the DCERPC protocol (CVE-2024-37079, CVE-2024-37080), which could lead to remote code execution.
  • Multiple local privilege escalation vulnerabilities due to misconfiguration of sudo (CVE-2024-37081).

Patched versions are available on the website of the vendor: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

The latest version of the involved product can be found on their website: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453.

Monitor/Detect

The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.