ALERT: Additional update needed to fix for VMware vCenter Server vulnerability

VMware has released updates to address critical vulnerabilities in VMware vCenter Server and VMware Cloud Foundation that could lead to possible remote code execution (CVE-2024-38812) and escalation of privileges to root (CVE-2024-38813). Affected VMware servers and components should be updated as soon as possible after appropriate testing.

The critical vulnerabilities in VMware vCenter Server can be exploited to enable a threat actor with network access to vCenter Server to send a specially crafted network packet to:

• Trigger a vulnerability to potentially lead to remote code execution.
• Escalate privileges to root.

At the time of publication for this Alert, IA is not aware of active exploitation.

Update vCenter Server as soon as possible after appropriate testing. Because of the severity of this vulnerability, the need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21). Links to updates and additional information can be found in VMSA-2024-0019.

According to Broadcom, these vulnerabilities are memory management and corruption issues which can be used against VMware vCenter services, potentially allowing remote code execution. CVE-2024-38812 contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.

Please contact ITS Information Assurance through the ITS Service Center.

• VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (Help Net Security, 10/22/24)
• VMware fixes bad patch for critical vCenter Server RCE flaw (Bleeping Computer, 10/22/24)
• VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) (Broadcom, 9/17/24)
• CVE-2024-38812 (MITRE, 6/19/24)
• CVE-2024-38813 (MITRE, 6/19/24)
• VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest (Security Week, 9/17/24)