
Warning: Authenticated SQL Injection in VMware HCX, Patch Immediately!

Reference: Advisory #2024-244
Version: 1.0
Affected software: VMware HCX prior to 4.10.1, 4.9.2, and 4.8.3
Type: Authenticated SQL injection
CVE/CVSS: CVE-2024-38814: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

Broadcom: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019

Risks

A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform remote code execution on the HCX manager, with a high impact on confidentiality, integrity, and availability.

Description

CVE-2024-38814 is a high-severity vulnerability (CVSS 8.8 according to the CNA) that allows a malicious authenticated user with non-administrator privileges to enter specially crafted SQL queries and perform remote code execution on the HCX manager.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
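To decide which HCX managers still need the update, the affected-version line of this advisory (prior to 4.10.1, 4.9.2 and 4.8.3) can be turned into a per-branch check. The script below is an added example, not CCB or Broadcom tooling; the host inventory and version strings are constructed sample data, and treating branches newer than 4.10 as "unlisted" is an assumption drawn from the advisory's wording.

```python
# Added example: flag VMware HCX versions below the fixed releases named in the
# advisory (4.8.3, 4.9.2, 4.10.1). Inventory data below is constructed.
from typing import Optional

# Fixed release per affected branch, taken from the advisory's "Affected software" line.
FIXED_BY_BRANCH = {(4, 8): (4, 8, 3), (4, 9): (4, 9, 2), (4, 10): (4, 10, 1)}
OLDEST_FIXED = (4, 8, 3)


def parse_version(s: str) -> tuple:
    """Turn '4.9.1' or '4.10.1.12345' into a tuple of ints (build suffix kept)."""
    return tuple(int(p) for p in s.strip().split("."))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the fixed release of its branch, False if fixed,
    None for a branch the advisory does not list (assumption: not covered)."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return v[:3] < FIXED_BY_BRANCH[branch]
    if v[:3] < OLDEST_FIXED:
        # Older than every fixed line (e.g. 4.7.x): covered by "prior to 4.8.3".
        return True
    # Newer branch not named in the advisory (e.g. 4.11): left to the reader to confirm.
    return None


def triage(inventory: dict) -> dict:
    """Map host name -> 'VULNERABLE' / 'FIXED' / 'UNLISTED' for an inventory."""
    labels = {True: "VULNERABLE", False: "FIXED", None: "UNLISTED"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory.items()}


# Constructed sample inventory: host name -> reported HCX version.
SAMPLE_INVENTORY = {
    "hcx-mgr-01": "4.10.0", "hcx-mgr-02": "4.10.1", "hcx-mgr-03": "4.9.1",
    "hcx-mgr-04": "4.8.3", "hcx-mgr-05": "4.7.2", "hcx-mgr-06": "4.11.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```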

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.