Skip to main content

Exploitation reported for critical vulnerabilities CVE-2024-38812 and CVE-2024-38813

Threat ID:CC-4565
Threat Severity:High
Published:19 November 2024 2:35 PM

Summary

Exploitation reported for critical vulnerabilities CVE-2024-38812 and CVE-2024-38813

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 8.0 U3d, all prior to 7.0 U3t
VMware vCenter Server
Versions: all prior to 8.0 U3d, all prior to 7.0 U3t
VMware Cloud Foundation

Threat details

Timeline of events

17-09-2024

  • VMSA-2024-0019
  • Broadcom released initial security advisory.
  • NHS England National CSOC published Cyber Alert CC-4551

20-09-2024

  • VMSA-2024-0019.1
  • Broadcom stated that vCenter Server 8.0 U3b updates may introduce a functional issue.

21-10-2024

  • VMSA-2024-0019.2
  • Broadcom determine that initial patches do not fully address CVE-2024-38812 and CVE-2024-38813 and issued new patches.
  • NHS England National CSOC published Cyber Alert CC-4565 to encourage organisations to apply revised patch.

18-11-2024

  • VMSA-2024-0019.3
  • Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.
  • NHS England National CSOC updated cyber alert CC-4565 and raised the threat severity level from Medium to High.

Introduction

Broadcom released security updates in Sept 2024 to remediate against CVE-2024-38812 and CVE-2024-38813, vulnerabilities that if exploited could lead to remote code execution and privilege escalation.

These vulnerabilities were not fully remediated by the security updates, and Broadcom reissued the security updates in Oct 2024. The revised advisory included updated software packages to address security and functional issues reported after the original disclosure.

Broadcom has updated their advisory again to report that these vulnerabilities are now being exploited in the wild.



Vulnerability details

  • CVE-2024-38812 is a heap-overflow vulnerability in VMware vCenter Server with a CVSSv3 score of 9.8. An attacker with network access to vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.

  • CVE-2024-38813 is a privilege escalation vulnerability in vCenter Server with a CVSSv3 score of 7.5. An attacker with network access to vCenter Server could exploit this vulnerability by sending a specially crafted network packet to escalate privileges to root.

Exploitation of CVE-2024-38812 and CVE-2024-38813

Broadcom has reported exploitation of CVE-2024-38812 and CVE-2024-38813 in the wild. 

Remediation advice

Affected organisations must review Broadcom's VMware advisory VMSA-2024-0019 and VMSA-2024-0019: Questions & Answers and apply the relevant updates.

More information about applying async patches/individual product updates to VMware Cloud Foundation environments using Async Patch Tool (AP Tool) is available in Article ID: 344935.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-38812The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
StatusPublished
CVE-2024-38813The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Last edited: 19 November 2024 2:35 pm

Back to top