VMware has launched one other safety replace for CVE-2024-38812, a crucial VMware vCenter Server distant code execution vulnerability that was not accurately mounted within the first patch from September 2024.
The flaw is rated crucial (CVSS v3.1 rating: 9.8) and stems from a heap overflow weak point in vCenter’s DCE/RPC protocol implementation, impacting the vCenter Server and any merchandise incorporating it, similar to vSphere and Cloud Basis.
The flaw doesn’t require person interplay for exploitation, as distant code execution is triggered when a specifically crafted community packet is acquired.
The vulnerability was found and utilized by TZL safety researchers throughout China’s 2024 Matrix Cup hacking contest. The researchers additionally disclosed CVE-2024-38813, a high-severity privilege escalation flaw additionally impacting VMware vCenter.
In an replace of its safety advisory on these two vulnerabilities, VMware says that new patches needed to be issued for vCenter 7.0.3, 8.0.2, and eight.0.3, because the earlier fixes didn’t accurately repair the RCE flaw.
“VMware by Broadcom has decided that the vCenter patches launched on September 17, 2024 didn’t totally deal with CVE-2024-38812,” reads the up to date safety advisory.
“All clients are strongly inspired to use the patches presently listed within the Response Matrix.”
The newest safety updates can be found on VMware vCenter Server 8.0 U3d, 8.0 U2e, and seven.0 U3t.
Older product variations previous their end-of-support dates, such because the vSphere 6.5 and 6.7, are confirmed as impacted however won’t obtain safety updates.
No workarounds can be found for both flaw, so impacted customers are really useful to use the most recent updates as quickly as doable.
VMware notes it has not acquired any experiences or noticed exploitation of the mentioned flaws within the wild as of but.
For extra data, try this Q&A revealed as a companion to the bulletin to assist make clear some factors.
These new safety updates ought to be utilized as quickly as doable, as risk actors generally goal VMware vCenter flaws to raise privileges or acquire entry to digital machines.
At the beginning of the yr, Mandiant disclosed that Chinese language state-sponsored hackers tracked as UNC3886 exploited CVE-2023-34048, a crucial vulnerability in vCenter Server, as a zero-day to backdoor VMware ESXi digital machines.