VMware has released a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.
If exploited, these vulnerabilities could allow attackers to execute remote code on affected systems.
The advisory highlights several critical vulnerabilities, including heap overflow and local privilege escalation issues. The most severe of these vulnerabilities have been assigned CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081.
The heap-overflow vulnerabilities, CVE-2024-37079 and CVE-2024-37080, exist in the vCenter Server's implementation of the DCERPC protocol. They have been rated with a maximum CVSSv3 base score of 9.8, indicating critical severity.
A malicious actor with network access to the vCenter Server can exploit these vulnerabilities by sending specially crafted network packets, potentially leading to remote code execution.
Patch:
VMware has released patches to address these vulnerabilities. Users are advised to apply the updates listed in the ‘Fixed Version’ column of the response matrix below.
The local privilege escalation vulnerability, CVE-2024-37081, is due to a misconfiguration of sudo in vCenter Server that allows an authenticated local user with non-administrative privileges to elevate their privileges to root. It has a CVSSv3 base score of 7.8, categorized as important.
An authenticated local user can exploit this vulnerability to gain root access on the vCenter Server Appliance.
Patch:
Patches have been released to remediate this issue. Users should apply the updates listed in the response matrix.
Response Matrix
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
---|---|---|---|---|---|---|---|---|
vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |
Impacted Product Suites
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
---|---|---|---|---|---|---|---|---|
Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
Organizations using VMware vCenter Server are urged to apply the necessary patches immediately to mitigate these critical vulnerabilities.
Organizations can verify that patches have been successfully applied to vCenter Server by following these steps:
1. Access the Appliance Shell.
2. List Installed Patches: use the software-packages utility to view the list of installed patches. Run the following commands to see all patches currently applied to the vCenter Server Appliance:
```bash
software-packages list
software-packages list --history
```
3. Check Specific Patch Details:
```bash
software-packages list --patch <patch_name>
```
Replace <patch_name> with the actual name of the patch you want to check. For example:
```bash
software-packages list --patch VMware-vCenter-Server-Appliance-Patch1
```
4. Use the vCenter Server Management Interface (VAMI): browse to https://<vcenter-hostname-or-IP>:5480 and log in using the root account.
5. Verify System Functionality.
By following these steps, organizations can effectively verify that the latest patches have been successfully applied to their vCenter Server, ensuring the system is up-to-date and secure.
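The response matrix above has one detail that is easy to miss when checking a fleet by hand: on the 8.0 line, 8.0 U2d fixes all three CVEs, but 8.0 U1e fixes only the two DCERPC heap overflows and leaves CVE-2024-37081 open. The following helper is an added example, not VMware's tooling or part of the advisory: it parses vCenter release strings in the "X.Y Uz" form used by the matrix, compares the running release against the fixed release for the same update line, and reports which CVEs remain unpatched. The FIXED table is transcribed from the vCenter Server rows of the matrix; the Cloud Foundation rows (which point to KB88287 rather than a version) are out of scope, and a release line the matrix does not list (for example a later update number) is reported as "not-in-matrix" rather than assumed safe.

```python
"""Assess a vCenter Server release string against VMSA-2024-0012.

Example helper, not VMware code. Release strings follow the advisory's
"<major>.<minor> U<update><letter>" convention, e.g. "8.0 U2d".
"""
import re

# Transcribed from the advisory's vCenter Server response matrix:
# (release line, update number) -> (first fixed update letter, CVEs fixed there)
FIXED = {
    ("8.0", 2): ("d", {"CVE-2024-37079", "CVE-2024-37080", "CVE-2024-37081"}),
    ("8.0", 1): ("e", {"CVE-2024-37079", "CVE-2024-37080"}),
    ("7.0", 3): ("r", {"CVE-2024-37079", "CVE-2024-37080", "CVE-2024-37081"}),
}
ALL_CVES = {"CVE-2024-37079", "CVE-2024-37080", "CVE-2024-37081"}

# "8.0 U2d", "7.0 U3r", "8.0 U3" (no letter yet) all match.
VERSION_RE = re.compile(r"^(\d+\.\d+)\s*U(\d+)([a-z]?)$")


def parse_version(release: str):
    """Split a release string into (line, update number, update letter)."""
    m = VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter release string: {release!r}")
    return m.group(1), int(m.group(2)), m.group(3)


def assess(release: str) -> dict:
    """Return a status and the sorted list of CVEs still unpatched.

    statuses: "patched", "partially-patched", "vulnerable", "not-in-matrix".
    """
    line, update, letter = parse_version(release)
    row = FIXED.get((line, update))
    if row is None:
        # The matrix says nothing about this update line; do not assume it is fixed.
        return {"status": "not-in-matrix", "unpatched": sorted(ALL_CVES)}
    fixed_letter, fixed_cves = row
    # Update letters increase alphabetically within an update line; an
    # empty letter (the base update) sorts before any lettered release.
    if letter < fixed_letter:
        return {"status": "vulnerable", "unpatched": sorted(ALL_CVES)}
    remaining = ALL_CVES - fixed_cves
    status = "patched" if not remaining else "partially-patched"
    return {"status": status, "unpatched": sorted(remaining)}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, release in [("vc-a", "8.0 U2d"), ("vc-b", "8.0 U1e"),
                          ("vc-c", "7.0 U3q"), ("vc-d", "8.0 U3")]:
        result = assess(release)
        print(f"{host:5} {release:8} {result['status']:18} {result['unpatched']}")
```

Run it on the appliance or from an inventory export; a host that reports "partially-patched" on 8.0 U1e still needs the 8.0 U2d build before CVE-2024-37081 is closed, and a "not-in-matrix" result means the release line must be checked against the advisory rather than this table.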