Broadcom fixes important RCE bug in VMware vCenter Server

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet.

vCenter Server is the central management hub for VMware's vSphere suite, helping administrators manage and monitor virtualized infrastructure.

The vulnerability (CVE-2024-38812), reported by TZL security researchers during China's 2024 Matrix Cup hacking contest, is caused by a heap overflow weakness in vCenter's DCE/RPC protocol implementation. It also affects products containing vCenter, including VMware vSphere and VMware Cloud Foundation.

Unauthenticated attackers can exploit it remotely in low-complexity attacks that do not require user interaction "by sending a specially crafted network packet potentially leading to remote code execution."

Security patches addressing this vulnerability are now available through the standard vCenter Server update mechanisms.

"To ensure full protection for yourself and your organization, install one of the update versions listed in the VMware Security Advisory," the company said.

"While other mitigations may be available depending on your organization's security posture, defense-in-depth strategies, and firewall configurations, each organization must evaluate the adequacy of these protections independently."

Not exploited in attacks

Broadcom says it has not found evidence that the CVE-2023-34048 RCE bug is currently exploited in attacks.

Admins who are unable to immediately apply today's security updates should strictly control network perimeter access to vSphere management components and interfaces, including storage and network components, as an official workaround for this vulnerability is unavailable.
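The perimeter control described above, as an added illustration that is not part of the article and not Broadcom's or VMware's own guidance: an nftables ruleset fragment for a gateway firewall that allows only a dedicated management subnet to initiate connections to the vCenter Server appliance and drops (and logs) everything else. The vCenter address and the management subnet are placeholder values; the hook, table and chain names are assumptions for this example, and the rule narrows exposure only until the patched version from the advisory is installed.

```nftables
# Added example (not from the article or from Broadcom/VMware): restrict inbound
# access to a vCenter Server appliance to a single management subnet.
# Both addresses are placeholders; substitute the real values for your network.
define vcenter_ip = 192.0.2.10        # placeholder: vCenter Server appliance address
define mgmt_net   = 198.51.100.0/24   # placeholder: admin / management subnet

table inet vsphere_perimeter {
    chain forward {
        # Filter traffic routed through this gateway toward the vSphere management segment
        type filter hook forward priority filter; policy accept;

        # Let replies to connections that were already permitted pass
        ct state established,related accept

        # Only hosts on the management subnet may open connections to vCenter
        ip saddr $mgmt_net ip daddr $vcenter_ip accept

        # Every other packet addressed to vCenter is logged for review, then dropped
        ip daddr $vcenter_ip log prefix "vcenter-blocked: " drop
    }
}
```

Load it on the firewall with `nft -f <file>` and watch the kernel log for the `vcenter-blocked:` prefix; a steady stream of blocked packets from unexpected sources is the signal to investigate while the update is being scheduled.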

Today, the company also patched a high-severity privilege escalation vulnerability (CVE-2024-38813) that threat actors can leverage to gain root privileges on vulnerable servers via a specially crafted network packet.

In June, it fixed a similar vCenter Server remote code execution vulnerability (CVE-2024-37079) that can be exploited via specially crafted packets.

In January, Broadcom disclosed that a Chinese hacking group had been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.

The threat group (tracked as UNC3886 by security firm Mandiant) used it to breach vulnerable vCenter servers and deploy VirtualPita and VirtualPie backdoors on ESXi hosts via maliciously crafted vSphere Installation Bundles (VIBs).
