Warning: Critical Vulnerabilities In VMware vCenter
- CVE-2024-37079: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2024-37080: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2024-37081: CVSS 7.8 HIGH (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Risks
Multiple heap-overflow vulnerabilities in VMware vCenter Server were found. A malicious actor with network access may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution.
A privilege escalation vulnerability in vCenter Server was found. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on a vCenter Server Appliance.
The Centre for Cybersecurity Belgium (CCB) recommends that system administrators patch vulnerable systems as soon as possible and follow the additional measures recommended by the vendor. Analyse system and network logs for any suspicious activity. This report contains instructions to help your organisation.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
Description
Multiple heap-overflow and privilege escalation vulnerabilities in vCenter Server were found:
- Heap-overflow vulnerabilities in the implementation of the DCERPC protocol (CVE-2024-37079, CVE-2024-37080), which could lead to remote code execution.
- Multiple local privilege escalation vulnerabilities due to misconfiguration of sudo (CVE-2024-37081).
Patched versions are available on the website of the vendor: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
The latest version of the affected product can be found on the vendor's website: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453.
Monitor/Detect
The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.