WARNING: VMWARE VCENTER SERVER UPDATES ADDRESS HEAP-OVERFLOW AND PRIVILEGE ESCALATION VULNERABILITIES, PATCH IMMEDIATELY!
Sources
Risks
VMware vCenter Server has a critical heap-overflow vulnerability (CVE-2024-38812) in its DCERPC protocol, with a CVSSv3 score of 9.8, potentially leading to remote code execution. Remote code execution can lead to severe outcomes, including data loss, service interruptions, ransomware attacks, the spread of malware, and the attacker's ability to move laterally to compromise other critical IT systems.
A threat actor could exploit the privilege escalation vulnerability (CVE-2024-38813) to escalate privileges to root, thereby granting them full control over the machine.
UPDATE 2024-10-22: VMware has determined that the vCenter patches released on September 17, 2024, did not fully address CVE-2024-38812. All customers are strongly encouraged to apply the patches currently listed in the Response Matrix in the vendor's advisory. Additionally, patches for the 8.0 U2 line are also available.
VMware published a supplemental FAQ for additional clarification.
Description
CVE-2024-38812 is a heap-overflow vulnerability in the implementation of the DCERPC protocol. By crafting a specific network packet, a malicious actor with network access could exploit this vulnerability, potentially leading to remote code execution. Although it has not been exploited yet, similar vulnerabilities in related software have been targeted by threat actors in the past.
Update 2024-11-19: VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38813. Urgent patching is advised!
Update 2024-11-19: VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812. Urgent patching is advised!
CVE-2024-38813 is a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
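Because the October update replaced the September fixes, patch verification has to compare each appliance's build against the builds currently listed in the vendor's Response Matrix rather than against "was a patch applied". The following triage helper is an added example, not code from the advisory or from VMware: it parses the JSON that the vSphere Automation API endpoint `GET /api/appliance/system/version` is assumed to return (field names `version` and `build` are an assumption), and classifies the appliance by comparing its build with a per-release-line table. The build numbers in `FIXED_BUILDS` are placeholders that must be filled in from the advisory; the sample response is constructed.

```python
"""
Added example (not from the advisory or VMware): classify a vCenter Server
appliance as patched/vulnerable/unknown against the fixed builds taken from
the vendor's Response Matrix. All build numbers below are placeholders.
"""
import base64
import json
import ssl
from typing import Dict, Tuple
from urllib import request

# Constructed sample of the body that GET /api/appliance/system/version is
# assumed to return (field names are an assumption; values are made up and
# do not correspond to a real vCenter build).
SAMPLE_VERSION_RESPONSE = json.dumps({
    "product": "VMware vCenter Server",
    "version": "8.0.2.00100",
    "build": "22617221",
})

# PLACEHOLDER: copy the fixed build per release line from the Response
# Matrix in the vendor advisory (use the builds from the 2024-10-22 update,
# not the September ones). Keys are major.minor.update; values are builds.
FIXED_BUILDS: Dict[str, int] = {
    "7.0.3": 99999999,   # placeholder, replace from the advisory
    "8.0.2": 99999999,   # placeholder, replace from the advisory
    "8.0.3": 99999999,   # placeholder, replace from the advisory
}


def parse_version(body: str) -> Tuple[str, int]:
    """Return (release line, build number) from the version JSON body."""
    data = json.loads(body)
    parts = data["version"].split(".")
    line = ".".join(parts[:3])           # "8.0.2.00100" -> "8.0.2"
    return line, int(data["build"])


def patch_status(body: str, fixed: Dict[str, int] = FIXED_BUILDS) -> str:
    """Classify an appliance as 'patched', 'vulnerable' or 'unknown'.

    'unknown' means the release line is not in the matrix table, so the
    appliance must be checked by hand against the advisory.
    """
    line, build = parse_version(body)
    if line not in fixed:
        return "unknown"
    return "patched" if build >= fixed[line] else "vulnerable"


def fetch_version(host: str, user: str, password: str) -> str:
    """Retrieve the version JSON from a live appliance (network call).

    Assumes the vSphere Automation API session flow: POST /api/session with
    HTTP Basic auth returns a token that is then sent in the
    'vmware-api-session-id' header. TLS verification stays on.
    """
    ctx = ssl.create_default_context()
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    login = request.Request(f"https://{host}/api/session", method="POST")
    login.add_header("Authorization", f"Basic {cred}")
    with request.urlopen(login, context=ctx) as resp:
        token = json.loads(resp.read())
    query = request.Request(f"https://{host}/api/appliance/system/version")
    query.add_header("vmware-api-session-id", token)
    with request.urlopen(query, context=ctx) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Offline demonstration on the constructed sample response.
    print(parse_version(SAMPLE_VERSION_RESPONSE), patch_status(SAMPLE_VERSION_RESPONSE))
```

Run it against the output of `fetch_version()` for each appliance in the inventory; anything that comes back `vulnerable` or `unknown` goes on the remediation list, and the `unknown` case is deliberately not treated as safe.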