ALERT: Update VMware vCenter Server for critical vulnerabilities
Tuesday, September 17, 2024
This Alert is intended for U-M IT staff who are responsible for systems running VMware vCenter Server.
Summary
VMware has released updates to address critical vulnerabilities in VMware vCenter Server and VMware Cloud Foundation that could lead to remote code execution (CVE-2024-38812) and escalation of privileges to root (CVE-2024-38813). Affected VMware servers and components should be updated as soon as possible after appropriate testing.
Problem
A threat actor with network access to vCenter Server can exploit these critical vulnerabilities by sending a specially crafted network packet to:
- Trigger a vulnerability that could potentially lead to remote code execution.
- Escalate privileges to root.
Threats
At the time of publication for this Alert, IA is not aware of active exploitation.
Affected Versions
Any version of vCenter Server or VMware Cloud Foundation prior to fixed versions 8.0 U3b and 7.0 U3s, as listed in the Response Matrix in VMSA-2024-0019.
Action Items
Update vCenter Server as soon as possible after appropriate testing. Because of the severity of these vulnerabilities, the need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21). Links to updates and additional information can be found in VMSA-2024-0019.
Technical Details
According to Broadcom, these vulnerabilities are memory management and corruption issues that can be used against VMware vCenter services, potentially allowing remote code execution. CVE-2024-38812 is a heap-overflow vulnerability in the implementation of the DCERPC protocol.
Questions, Concerns, Reports
Please contact ITS Information Assurance through the ITS Service Center.
References
- VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) (Broadcom, 9/17/24)
- VMSA-2024-0019: Questions & Answers (VMware Cloud Foundation (VCF) Blog, 9/17/24)
- CVE-2024-38812 (MITRE, 6/19/24)
- CVE-2024-38813 (MITRE, 6/19/24)
- VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest (Security Week, 9/17/24)