VMware Issues New Security Update for Critical vCenter Server RCE Vulnerability
October 22, 2024
VMware has rolled out an additional security patch for the critical vulnerability CVE-2024-38812 in its vCenter Server, after the initial patch released in September 2024 failed to completely rectify the issue. The vulnerability, which is considered critical with a CVSS v3.1 score of 9.8, arises from a heap overflow issue in vCenter's DCE/RPC protocol implementation. This impacts the vCenter Server and any products that incorporate it, including vSphere and Cloud Foundation. The flaw can be exploited without user interaction, with remote code execution being triggered by a specially crafted network packet. This vulnerability was first discovered and exploited by TZL security researchers during China's 2024 Matrix Cup hacking contest.
In addition to CVE-2024-38812, the researchers also disclosed CVE-2024-38813, a high-severity privilege escalation flaw impacting VMware vCenter. VMware has updated its security advisory concerning these two vulnerabilities, stating that new patches had to be issued for vCenter 7.0.3, 8.0.2, and 8.0.3, as the previous fixes did not effectively address the RCE flaw. The updated security advisory states, "VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812." It strongly encourages all customers to apply the updated patches listed in the Response Matrix.
The latest security updates are available for VMware vCenter Server 8.0 U3d, 8.0 U2e, and 7.0 U3t. Older product versions that have surpassed their end-of-support dates, such as vSphere 6.5 and 6.7, are confirmed as impacted but will not receive security updates. No workarounds are available for either flaw, and users are advised to apply the latest updates immediately. VMware has not received any reports or observed exploitation of these flaws in the wild yet.
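A release-label check for triaging a vCenter inventory against the fixed releases listed above, as an added example that is not from the article or from VMware. The hostnames, the label format (`8.0 U3d`) and the rule that a later letter on the same update line includes the fix are assumptions made for the example.

```python
import re

# Fixed releases named in the article: (version line, update number) -> patch letter.
FIXED = {("8.0", 3): "d", ("8.0", 2): "e", ("7.0", 3): "t"}
# End-of-support lines the article lists as impacted with no security update.
UNSUPPORTED = {"6.5", "6.7"}

# Assumed label format: "<major.minor> U<update><letter>", e.g. "8.0 U3d".
LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def triage(label):
    """Classify one vCenter release label against the article's fixed releases."""
    m = LABEL.match(label)
    if not m:
        return "unparsed"
    line, update, letter = m.group(1), m.group(2), (m.group(3) or "").lower()
    if line in UNSUPPORTED:
        return "affected-no-fix"
    key = (line, int(update)) if update else None
    if key not in FIXED:
        # The article names no fixed release for this line; check the advisory.
        return "not-listed"
    # Assumption: letters on one update line are cumulative, so a letter at or
    # past the fixed one includes the fix. A missing letter sorts before "a".
    return "patched" if letter >= FIXED[key] else "needs-update"


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(label) for host, label in inventory.items()}


# Constructed sample inventory (hostnames and labels are illustrative only).
SAMPLE = {
    "vc-prod-01": "8.0 U3d",
    "vc-prod-02": "8.0 U3b",
    "vc-dr-01": "8.0 U2e",
    "vc-lab-01": "7.0 U3",
    "vc-legacy-01": "6.7 U3",
    "vc-test-01": "8.0 U1",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:14} {SAMPLE[host]:8} {status}")
```

Hosts reported as `not-listed` or `unparsed` need a manual check against the Response Matrix in the vendor advisory.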
It is critical to apply these security updates promptly, as threat actors often target VMware vCenter flaws to elevate privileges or gain access to virtual machines. Earlier this year, Mandiant disclosed that Chinese state-sponsored hackers, tracked as UNC3886, exploited CVE-2023-34048, a critical vulnerability in vCenter Server, as a zero-day to backdoor VMware ESXi virtual machines.