VMware has published an advisory (VMSA-2024-0021) addressing an important vulnerability in its HCX platform.
The vulnerability, CVE-2024-38814, is an authenticated SQL injection flaw that poses a serious security risk. With a CVSSv3 base score of 8.8, the issue is rated "Important" severity.
The vulnerability allows a malicious authenticated user with non-administrator privileges to achieve unauthorized remote code execution on the HCX manager by submitting specially crafted SQL queries.
Affected Products and Resolution
According to the Broadcom advisory, the vulnerability affects several versions of VMware HCX, specifically 4.10.x, 4.9.x, and 4.8.x.
VMware has released patches to address this issue. Customers are strongly advised to apply the updates listed in the "Fixed Version" column of the response matrix below:
| VMware Product | Version | CVE | CVSSv3 | Severity | Fixed Version |
|---|---|---|---|---|---|
| VMware HCX | 4.10.x | CVE-2024-38814 | 8.8 | Important | 4.10.1 |
| VMware HCX | 4.9.x | CVE-2024-38814 | 8.8 | Important | 4.9.2 |
| VMware HCX | 4.8.x | CVE-2024-38814 | 8.8 | Important | 4.8.3 |
No workarounds or additional documentation are available for this vulnerability, underscoring the urgency of updating affected systems immediately.
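A quick way to triage an HCX inventory against the response matrix above, as an added example that is not part of the advisory or of the article (the fixed versions come from the matrix; the host inventory is constructed):

```python
"""Check whether a reported VMware HCX build is affected by CVE-2024-38814.

Added example, not part of the original article or of VMware's tooling.
The fixed versions are taken from the advisory's response matrix
(VMSA-2024-0021); the sample inventory below is constructed.
"""
from typing import Tuple

# Fixed version per affected branch, as listed in the advisory.
FIXED_VERSIONS = {
    (4, 10): (4, 10, 1),
    (4, 9): (4, 9, 2),
    (4, 8): (4, 8, 3),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.10.0' into (4, 10, 0); missing components count as 0."""
    nums = tuple(int(p) for p in text.strip().split("."))
    return nums + (0,) * (3 - len(nums))


def hcx_status(version: str) -> str:
    """Return 'affected', 'fixed', or 'not listed' for an HCX version."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "not listed"  # branch does not appear in the response matrix
    return "fixed" if v >= fixed else "affected"


# Constructed sample inventory: hostname -> reported HCX manager version.
SAMPLE_INVENTORY = {
    "hcx-mgr-01.example.test": "4.10.0",
    "hcx-mgr-02.example.test": "4.10.1",
    "hcx-mgr-03.example.test": "4.9.1",
    "hcx-mgr-04.example.test": "4.8.3",
    "hcx-mgr-05.example.test": "4.7.2",
}


def triage(inventory: dict) -> dict:
    """Map each host to its status so affected managers can be prioritised."""
    return {host: hcx_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Branches outside the matrix are reported as "not listed" rather than assumed safe, since the advisory makes no statement about them.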
Acknowledgments and Recommendations
VMware has credited Sina Kheirkhah (@SinSinology) of the Summoning Team (@SummoningTeam), working with Trend Micro's Zero Day Initiative (ZDI), for responsibly reporting this vulnerability.
This collaboration highlights the importance of coordinated disclosure in maintaining cybersecurity.
Organizations using VMware HCX should prioritize updating their systems to the fixed versions to mitigate the risk of exploitation.
Regularly reviewing security advisories and keeping software up to date are essential to safeguarding against vulnerabilities such as CVE-2024-38814.
For further details, customers can refer to VMware's official advisory page and stay informed about any future updates or related security notices from VMware.
This incident is a reminder of the ever-present threat landscape and the need for vigilance in cybersecurity practices across all sectors that use virtualized environments like VMware HCX.