VMware vCenter Server Vulnerabilities Now Under Active Exploitation
November 18, 2024
Broadcom has issued a warning about the active exploitation of two vulnerabilities in VMware vCenter Server. One of these is a critical remote code execution (RCE) flaw, reported by TZL security researchers during China's 2024 Matrix Cup hacking contest. This vulnerability, tracked as CVE-2024-38812, results from a heap overflow weakness in vCenter's DCE/RPC protocol implementation. It affects products that include vCenter, such as VMware vSphere and VMware Cloud Foundation.
The second vulnerability, CVE-2024-38813, is a privilege escalation flaw. It allows attackers to escalate their privileges to root by using a specially crafted network packet. Broadcom confirmed that both CVE-2024-38812 and CVE-2024-38813 have been exploited in the wild.
In September, Broadcom released security updates to address these vulnerabilities. However, about a month later, it updated the security advisory with a note that the original patch for CVE-2024-38812 had not fully resolved the issue. The company strongly recommended that administrators apply the new patches. There are no workarounds for these security flaws, so the latest updates should be applied immediately to prevent active exploitation.
Broadcom also released a supplemental advisory providing additional information on how to deploy the security updates on affected systems. It also covered known issues that could impact those who have already upgraded. In June, Broadcom fixed a similar vCenter Server RCE vulnerability, CVE-2024-37079, which could also be exploited via specially crafted packets.
Threat actors, including ransomware gangs and state-sponsored hacking groups, often target vulnerabilities in VMware vCenter. For instance, in January, Broadcom disclosed that a critical vCenter Server vulnerability, CVE-2023-34048, had been exploited as a zero-day by Chinese state hackers since at least late 2021. This threat group, identified as UNC3886 by security firm Mandiant, used the flaw to deploy VirtualPita and VirtualPie backdoors on ESXi hosts through maliciously crafted vSphere Installation Bundles (VIBs).