CVE-2024-38812: Critical Remote Code Execution (RCE) Vulnerability Patched in VMware vCenter Server and Cloud Foundation


By Peter Bassill, September 18, 2024

On September 17, 2024, Broadcom published security advisory VMSA-2024-0019 with patches for VMware vCenter Server and VMware Cloud Foundation that address a critical Remote Code Execution (RCE) vulnerability, CVE-2024-38812 (CVSS 9.8). The flaw is a heap overflow in vCenter Server's implementation of the DCERPC protocol: an attacker with network access to vCenter Server can trigger it by sending a specially crafted packet, without authenticating first, and potentially execute arbitrary code on the appliance.

This vulnerability was responsibly disclosed to VMware by security researchers. At the time of writing Broadcom is not aware of exploitation in the wild and no public proof-of-concept has been observed, but that is no reason to wait: a previous vCenter DCERPC flaw, the out-of-bounds write CVE-2023-34048, was exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities Catalog. Given how central vCenter Server is in most virtualized estates, threat actors can be expected to diff this patch and develop a working exploit quickly.

Recommendations: Upgrade to the Latest Fixed Version

We strongly advise all affected organizations to update to the fixed versions listed below as soon as possible. Broadcom's advisory lists no in-product workaround, so patching is the only fix; until the patch is applied, restrict network access to vCenter Server's management interfaces to trusted administrative networks. Follow your organization's change process so that the upgrade itself does not cause disruption or introduce operational risk.

Product                  Affected Version   Fixed Version
VMware vCenter Server    8.0                8.0 U3b
                         7.0                7.0 U3s
VMware Cloud Foundation  5.x                Async patch to 8.0 U3b
                         4.x                Async patch to 7.0 U3s
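To turn the table above into something you can run across an estate, the following script (an added example, not part of the original post and not Broadcom's code) classifies a vCenter Server appliance as fixed, vulnerable or unsupported from the JSON returned by the appliance REST endpoint GET /api/appliance/system/version. The two fixed build numbers are the ones Broadcom's release notes give for 8.0 U3b and 7.0 U3s; confirm them against VMSA-2024-0019 before relying on the script. The sample responses embedded at the bottom are constructed for illustration, not captured from real appliances.

```python
"""Triage vCenter Server appliances against the CVE-2024-38812 fixed builds.

Added example, not from the original post or from Broadcom. The two fixed
build numbers are those Broadcom's release notes give for vCenter Server
8.0 U3b and 7.0 U3s; confirm them against VMSA-2024-0019 before relying on
this script.
"""
import base64
import json
import ssl
import urllib.request

# Lowest build that carries the fix, keyed by version train. A build at or
# above the threshold in the same train (i.e. a later patch) is also fixed.
FIXED_BUILDS = {
    "8.0": 24262322,  # vCenter Server 8.0 U3b
    "7.0": 24201990,  # vCenter Server 7.0 U3s
}


def assess(version_info):
    """Classify the body of GET /api/appliance/system/version.

    Returns a dict with train, version, build and one of three verdicts:
      'fixed'        build is at or above the fixed build for its train
      'vulnerable'   supported train, build predates the fix
      'unsupported'  train not covered by the advisory (e.g. 6.7, end of
                     life): there is no patch, so treat it as exposed
    """
    version = str(version_info.get("version", ""))
    train = ".".join(version.split(".")[:2])
    try:
        build = int(version_info["build"])
    except (KeyError, ValueError) as exc:
        raise ValueError(f"cannot read build number from {version_info!r}") from exc

    if train not in FIXED_BUILDS:
        verdict = "unsupported"
    elif build >= FIXED_BUILDS[train]:
        verdict = "fixed"
    else:
        verdict = "vulnerable"
    return {"train": train, "version": version, "build": build, "verdict": verdict}


def fetch_version(host, username, password, verify_tls=True):
    """Fetch version info over the vCenter REST API.

    POST /api/session with basic auth returns a session token (a bare JSON
    string); GET /api/appliance/system/version then takes that token in the
    vmware-api-session-id header. Use verify_tls=False only for appliances
    that still present a self-signed certificate.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}/api/session", method="POST",
        headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        token = json.loads(resp.read())
    req = urllib.request.Request(
        f"https://{host}/api/appliance/system/version",
        headers={"vmware-api-session-id": token})
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return json.loads(resp.read())


# Constructed sample responses (not captured from real appliances). Only the
# build number drives the verdict; the version strings are illustrative.
SAMPLES = [
    {"version": "8.0.3.00300", "build": "24262322"},  # exactly the 8.0 U3b build
    {"version": "8.0.3.00100", "build": "24091160"},  # an earlier 8.0 U3 build
    {"version": "7.0.3.01900", "build": "23788036"},  # a pre-fix 7.0 U3 build
    {"version": "6.7.0.48000", "build": "19832280"},  # end-of-life train
]


def triage_samples():
    """Return the verdict for each constructed sample, in order."""
    return [assess(s)["verdict"] for s in SAMPLES]


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:
        # usage: python vcenter_38812_check.py <host> <user> <password>
        print(assess(fetch_version(*sys.argv[1:4])))
    else:
        for sample, verdict in zip(SAMPLES, triage_samples()):
            print(sample["version"], sample["build"], "->", verdict)
```

Run it with a host, user and password to query a live appliance, or with no arguments to see the verdicts for the constructed samples. VMware Cloud Foundation deployments are not visible through this endpoint as such: check the vCenter instances that SDDC Manager manages, since the async patch brings them to the same 8.0 U3b or 7.0 U3s builds.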

By staying proactive and applying these updates promptly, organizations can protect themselves from potential future exploits.
