Broadcom on Tuesday released updates to address a critical security flaw affecting VMware vCenter Server that could allow remote code execution.
The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), is classified as a heap overflow vulnerability in the implementation of the DCE/RPC protocol.
“A malicious actor with network access to vCenter Server could trigger the vulnerability by sending a specially crafted network packet that potentially leads to remote code execution,” the virtualization services provider said in a bulletin.
The flaw is similar to two other remote code execution flaws in vCenter Server, CVE-2024-37079 and CVE-2024-37080 (CVSS score: 9.8), which VMware resolved in June 2024.
Also addressed by VMware is an elevation of privilege vulnerability in vCenter Server (CVE-2024-38813, CVSS score: 7.5) that could enable a malicious actor with network access to escalate privileges to root by sending a specially crafted network packet.
Security researchers zbl and srs of team TZL are credited with discovering and reporting the two flaws during the Matrix Cup, a cybersecurity competition held in China in June 2024. They are fixed in the versions below:
- vCenter Server 8.0 (fixed in 8.0 U3b)
- vCenter Server 7.0 (fixed in 7.0 U3s)
- VMware Cloud Foundation 5.x (fixed in 8.0 U3b as an async patch)
- VMware Cloud Foundation 4.x (fixed in 7.0 U3s as an async patch)
Broadcom said it was not aware of any malicious exploitation of the two vulnerabilities, but urged users to update their installations to the latest versions to guard against potential threats.
“These vulnerabilities are memory management and corruption issues that could be exploited against VMware vCenter Services, potentially allowing remote code execution,” the company said.
The development came after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory urging organizations to work to eliminate cross-site scripting (XSS) vulnerabilities that threat actors could exploit to breach systems.
“Cross-site scripting threats arise when manufacturers fail to properly validate, sanitize, or escape input,” the government agencies said. “These failures allow threat actors to inject malicious scripts into web applications, exploiting them to manipulate, steal, or misuse data in various contexts.”