Source URL: https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/
Source: The Register
Title: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
Feedly Summary: If you didn’t fix this a month ago, your to-do list probably needs a reshuffle
Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short.…
AI Summary and Description: Yes
Summary: The text discusses two critical vulnerabilities in VMware vCenter servers, specifically CVE-2024-38812 and CVE-2024-38813, which have been exploited in active attacks. It highlights the severity of these vulnerabilities and their implications for security, necessitating urgent attention from organizations using these systems.
Detailed Description: The provided text is significant as it addresses critical vulnerabilities in VMware’s vCenter servers that are pertinent to security professionals, particularly those involved in cloud and infrastructure security.
* **Vulnerabilities Identified:**
– **CVE-2024-38812:** A critical heap-overflow vulnerability in the handling of the DCERPC protocol with a CVSS score of 9.8/10, allowing potential remote code execution (RCE) by sending specially crafted packets.
– **CVE-2024-38813:** A high-severity privilege escalation vulnerability rated at 7.5/10, which allows attackers with network access to escalate privileges to root.
* **Initial Response and Ongoing Exploitation:**
– Broadcom originally attempted to patch these vulnerabilities on September 17, 2024, but later acknowledged that the patches were inadequate, resulting in an updated patch in October.
– Following these updates, Broadcom confirmed that exploitation of these vulnerabilities has occurred “in the wild,” raising concerns about the security measures in place for organizations utilizing vCenter servers.
* **Implications for Security Teams:**
– **Target Area:** vCenter servers are critical for administering virtual machines across organizations, making them lucrative targets for cybercriminals, including ransomware gangs and nation-state actors.
– **Response Necessity:** The active exploitation underscores the urgency for organizations to adopt robust security practices, including timely application of patches and continuous monitoring for vulnerabilities.
* **Affected Versions:**
– Versions 7 and 8 of vCenter Server and versions 4 and 5 of VMware Cloud Foundation are noted as vulnerable, which affects a wide range of organizations that utilize VMware’s technology stack.
These insights underscore the need for security professionals to remain vigilant about governance and compliance related to vulnerability management, especially in cloud environments. Monitoring for updates and understanding the threat landscape surrounding cloud infrastructure are essential for maintaining security integrity.