VMware vCenter Server, Broadcom's central management hub for the VMware vSphere suite, had a critical-severity vulnerability that allowed threat actors to remotely execute malicious code on unpatched servers. The vulnerability can be exploited in a low-complexity attack that requires no interaction from the victim.
VMware vSphere is a virtualization platform that enables administrators to create and manage virtual machines and computing resources in a data center.
Its central management component, vCenter Server, was vulnerable to a stack overflow bug in its DCERPC protocol implementation, a flaw now tracked as CVE-2024-38812. It was assigned a severity score of 9.8/10 (critical) and was recently patched.
Patches and workarounds
In addition to vCenter Server, VMware Cloud Foundation was also said to be vulnerable to the same bug. VMware Cloud Foundation is an integrated software platform that combines VMware's network, storage, and compute virtualization products with management and automation tools to create a unified hybrid cloud infrastructure.
The bug was discovered by security researchers from TZL during China's Matrix Cup 2024 hacking contest, BleepingComputer reports. According to the researchers, a malicious actor could theoretically send a specially crafted network packet, which could lead to remote code execution.
VMware's parent company Broadcom recently released a fix and urges users to implement it immediately.
“To ensure complete protection for you and your organization, please install one of the update releases listed in VMware's security advisory,” the company said. “While other mitigations may be available based on your organization's security posture, defense-in-depth strategies, and firewall configurations, each organization should independently evaluate the adequacy of these protections.”
If patching is not an option at this time, strictly restrict network access to vSphere components and management interfaces at the perimeter. The good news is that there is no evidence of exploitation in the wild yet. However, now that the news is public, it is only a matter of time before attackers start scanning for vulnerable endpoints.
Via BleepingComputer