Critical VMware vCenter Remote Code Execution vulnerability

Date of Publish: 18 Sept 2024
Severity: Critical
Affected Systems
  • vCenter Server 8.0
  • vCenter Server 7.0
  • VMware Cloud Foundation 5.x
  • VMware Cloud Foundation 4.x

Summary

A heap-overflow vulnerability in the DCE/RPC protocol implementation of vCenter Server may allow remote code execution.

Description

A heap-overflow vulnerability in the DCE/RPC protocol implementation of vCenter Server may allow remote code execution. An attacker with network access to vCenter Server can send a specially crafted network packet that may result in remote code execution and compromise of the affected system.

Recommendation

Upgrade to the fixed versions listed below; see VMware's advisory for details:

https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/

  • vCenter Server 8.0 (Fixed in 8.0 U3b)
  • vCenter Server 7.0 (Fixed in 7.0 U3s)
  • VMware Cloud Foundation 5.x (Fixed in 8.0 U3b as an asynchronous patch)
  • VMware Cloud Foundation 4.x (Fixed in 7.0 U3s as an asynchronous patch)

CVE Name:
CVE-2024-38812

NOTE: This information is provided on an "as is" basis, without assurance of any kind.

Revision history

  1. 18-Sept-24: first advisory released; fix patch released.
