VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.
The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter's DCE/RPC protocol implementation, impacting vCenter Server and any products incorporating it, such as vSphere and Cloud Foundation.
The flaw does not require user interaction for exploitation, as remote code execution is triggered when a specially crafted network packet is received.
The vulnerability was discovered and used by TZL security researchers during China's 2024 Matrix Cup hacking contest. The researchers also disclosed CVE-2024-38813, a high-severity privilege escalation flaw also impacting VMware vCenter.
In an update to its security advisory on these two vulnerabilities, VMware says that new patches had to be issued for vCenter 7.0.3, 8.0.2, and 8.0.3, because the earlier fixes did not correctly fix the RCE flaw.
“VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812,” reads the updated security advisory.
“All customers are strongly encouraged to apply the patches currently listed in the Response Matrix.”
The latest security updates are available as VMware vCenter Server 8.0 U3d, 8.0 U2e, and 7.0 U3t.
Older product versions past their end-of-support dates, such as vSphere 6.5 and 6.7, are confirmed as impacted but will not receive security updates.
No workarounds are available for either flaw, so impacted users are recommended to apply the latest updates as soon as possible.
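An added example, not from VMware or the original article: a triage helper that classifies recorded vCenter version labels against the fixed releases named above. It assumes the inventory stores versions in the "8.0 U3d" label form and that later patch letters on the same update level include the fix; the function names, hostnames and sample inventory are constructed for illustration.

```python
import re

# Fixed releases named in the article, keyed by (release line, update level).
FIXED = {("8.0", 3): "d", ("8.0", 2): "e", ("7.0", 3): "t"}
# Release lines the article lists as impacted but past end of support.
END_OF_SUPPORT = {"6.5", "6.7"}

# Assumed label form: "<major>.<minor> U<update><patch letter>", e.g. "8.0 U3d".
_LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def triage(label: str) -> str:
    """Classify one version label against the releases named in the article."""
    m = _LABEL.match(label)
    if not m:
        return "unparsed"
    line, update, letter = m.group(1), m.group(2), (m.group(3) or "").lower()
    if line in END_OF_SUPPORT:
        return "affected-no-fix"      # impacted, will not receive updates
    fixed = FIXED.get((line, int(update))) if update else None
    if fixed is None:
        return "unlisted"             # not covered here: check the Response Matrix
    # Assumption: patch letters increase alphabetically and are cumulative;
    # a label with no letter sorts before any lettered patch.
    return "patched" if letter >= fixed else "needs-update"


def triage_inventory(inventory: dict) -> dict:
    """Group hostnames by triage result so the urgent ones are easy to list."""
    groups: dict = {}
    for host, label in sorted(inventory.items()):
        groups.setdefault(triage(label), []).append(host)
    return groups


# Constructed sample inventory (hypothetical hostnames and labels).
SAMPLE = {
    "vc-prod-01": "8.0 U3d",
    "vc-prod-02": "8.0 U3b",
    "vc-dr-01": "8.0 U2e",
    "vc-lab-01": "7.0 U3s",
    "vc-legacy": "6.7 U3",
    "vc-test": "8.0 U1c",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Anything reported as `unlisted` or `unparsed` is outside what the article states and should be checked against the Response Matrix in the advisory.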
VMware notes it has not received any reports or observed exploitation of the said flaws in the wild as of yet.
For more information, check out this Q&A published as a companion to the bulletin to help clarify some points.
These new security updates should be applied as soon as possible, as threat actors commonly target VMware vCenter flaws to elevate privileges or gain access to virtual machines.
At the beginning of the year, Mandiant disclosed that Chinese state-sponsored hackers tracked as UNC3886 exploited CVE-2023-34048, a critical vulnerability in vCenter Server, as a zero-day to backdoor VMware ESXi virtual machines.