CVE-2024-38812: A new Critical Remote Code Execution (RCE) Vulnerability Patched in VMware vCenter Server and Cloud Foundation
On September 17, 2024, Broadcom issued a critical security patch for VMware vCenter Server and Cloud Foundation to address a serious Remote Code Execution (RCE) vulnerability, identified as CVE-2024-38812. This flaw arises from a heap-overflow issue in the DCERPC protocol, allowing remote attackers to send specially crafted network packets to vCenter Server, potentially enabling them to execute arbitrary code.
This vulnerability was responsibly disclosed to VMware by security researchers, and while no active exploitation or publicly available proof-of-concept has been observed yet, similar vulnerabilities have been exploited in the past, according to CISA's Known Exploited Vulnerabilities Catalog. Given the critical nature of VMware vCenter Server in many organizations, it's likely threat actors will soon attempt to reverse engineer this patch and develop exploits.
We strongly advise all affected organizations to update to the fixed versions listed below as soon as possible. Ensure that your patching process follows organizational guidelines to avoid disruptions and minimize operational risks.
Product | Affected Version | Fixed Version |
---|---|---|
VMware vCenter Server | 8.0 | 8.0 U3b |
VMware vCenter Server | 7.0 | 7.0 U3s |
VMware Cloud Foundation | 5.x | Async patch to 8.0 U3b |
VMware Cloud Foundation | 4.x | Async patch to 7.0 U3s |
By staying proactive and applying these updates promptly, organizations can protect themselves from potential future exploits.