
Broadcom Releases Critical Security Advisory for VMware vCenter Server and Cloud Foundation

Advisory addresses two vulnerabilities that could result in remote code execution or privilege escalation


Summary

Advisory addresses two vulnerabilities that could result in remote code execution or privilege escalation


Threat details

New updates released for CVE-2024-38812

On 21st October 2024, Broadcom updated advisory VMSA-2024-0019 with new security updates after becoming aware that the releases noted in this alert do not fully remediate CVE-2024-38812.

The NHS England National Cyber Security Operations Centre (CSOC) has issued cyber alert CC-4565 in response, which supersedes this cyber alert.


Introduction

Broadcom has issued a critical security advisory addressing two vulnerabilities in VMware vCenter Server, the centralised management utility for virtual machines and hosts, and VMware Cloud Foundation, the private cloud platform.


Vulnerability details

  • CVE-2024-38812 is a heap-overflow vulnerability in VMware vCenter Server with a CVSSv3 score of 9.8. An attacker with network access to vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
  • CVE-2024-38813 is a privilege escalation vulnerability in vCenter Server with a CVSSv3 score of 7.5. An attacker with network access to vCenter Server could exploit this vulnerability by sending a specially crafted network packet to escalate privileges to root.

Previous VMware product targeting

VMware products have become a popular target for ransomware and data-extortion groups, so rapidly patching vulnerable software should be considered of critical importance.

NHS England National CSOC advises that affected organisations consider updating as a priority. VMware state in VMSA-2024-0019: Questions & Answers that "These issues would qualify under ITIL methodologies as an emergency change, requiring prompt action from your organization".


Threat updates

Date: 23 Oct 2024
Update: New updates released for CVE-2024-38812. CC-4565 has been published in response.


Remediation advice

Affected organisations are encouraged to review Broadcom's VMware advisory VMSA-2024-0019 and VMSA-2024-0019: Questions & Answers and apply the relevant updates.

More information about applying async patches/individual product updates to VMware Cloud Foundation environments using Async Patch Tool (AP Tool) is available in Article ID: 344935.



Last edited: 23 October 2024 2:27 pm