Advisory addresses two vulnerabilities that could result in remote code execution or privilege escalation

Threat ID:CC-4551

Threat Severity:Medium

Published:18 September 2024 1:54 PM

Summary

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 8.0 U3b, all prior to 7.0 U3s

VMware vCenter Server

Versions: all prior to 8.0 U3b, all prior to 7.0 U3s

VMware Cloud Foundation

Threat details

New updates released for CVE-2024-38812

On 21st October 2024 Broadcom updated advisory VMSA-2024-0019 with new security updates as it became aware that the releases noted in this alert do not fully remediate CVE-2024-38812.

The NHS England National Cyber Security Operations Centre (CSOC) has issued cyber alert CC-4565 in response, which supersedes this cyber alert.

Introduction

Broadcom has issued a critical security advisory addressing two vulnerabilities in VMware vCenter Server, the centralised management utility for virtual machines and hosts, and VMware Cloud Foundation, the private cloud platform.

Vulnerability details

CVE-2024-38812 is a heap-overflow vulnerability in VMware vCenter Server with a CVSSv3 score of 9.8. An attacker with network access to vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.

CVE-2024-38813 is a privilege escalation vulnerability in vCenter Server with a CVSSv3 score of 7.5. An attacker with network access to vCenter Server could exploit this vulnerability by sending a specially crafted network packet to escalate privileges to root.

Previous VMware product targeting

VMware applications have become a popular target for ransomware and data-extortion groups, and rapidly patching vulnerable software should be considered of critical importance.

NHS England National CSOC advises that affected organisations consider updating as a priority and VMware state that "These issues would qualify under ITIL methodologies as an emergency change, requiring prompt action from your organization" in VMSA-2024-0019: Questions & Answers.

Threat updates


23 Oct 2024	New updates released for CVE-2024-38812 CC-4565 has been published in response

Remediation advice

Affected organisations are encouraged to review Broadcom's VMware advisory VMSA-2024-0019 and VMSA-2024-0019: Questions & Answers and apply the relevant updates.

More information about applying async patches/individual product updates to VMware Cloud Foundation environments using Async Patch Tool (AP Tool) is available in Article ID: 344935.

Definitive source of threat updates

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/

https://knowledge.broadcom.com/external/article?legacyId=88287

CVE Vulnerabilities

StatusPublished

CVE-2024-38812The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

StatusPublished

CVE-2024-38813The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Last edited: 23 October 2024 2:27 pm