
    VMware Unveils Critical Update for vCenter Server to Remedy Severe RCE Vulnerability

    VMware has released updated patches for a previously disclosed vulnerability in vCenter Server that could be exploited to achieve remote code execution (RCE).

    The vulnerability, tracked as CVE-2024-38812 and rated 9.8 on the CVSS scale, is a heap-overflow flaw in vCenter Server's implementation of the DCE/RPC protocol.

    “A malicious entity with network access to the vCenter Server could exploit this flaw by transmitting specially tailored network packets, which may result in remote code execution,” said Broadcom-owned VMware in its advisory.

    The weakness was originally reported by security researchers zbl and srs of Team TZL at the Matrix Cup cybersecurity competition held in China earlier this year.

    VMware first released patches on September 17, 2024, but has since acknowledged that those fixes did not completely address CVE-2024-38812. Systems updated with the September releases therefore remain exposed and need to be patched again.


    Patch Availability and Versions

    Updated patches that fully address the flaw are available in the following vCenter Server versions:

    • 8.0 U3d
    • 8.0 U2e
    • 7.0 U3t

    Broadcom has also published an asynchronous patch for VMware Cloud Foundation 5.x, 5.1.x and 4.x. There are no workarounds for this flaw; applying the updated patches is the only remediation.

    No in-the-wild exploitation has been reported so far, but because the flaw is reachable by any attacker with network access to vCenter Server, administrators are strongly advised to upgrade to the latest versions without delay. Restricting network access to the vCenter management interfaces to administrative networks limits exposure while the update is scheduled, but it does not replace the patch.
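    The fixed release names above double as a triage check. The Python below is an added example, not part of the original article or of any Broadcom tooling: it encodes the three fixed releases listed above and classifies each vCenter release name in an inventory as patched, vulnerable, or not covered by that list. It assumes release names in the "8.0 U3d" form used by the vSphere Client and Broadcom's release tables; the host names and releases in the sample inventory are constructed. Update trains the advisory does not list (for example 8.0 U1, or anything newer than the listed releases) are reported as unlisted rather than guessed, and a build-number lookup against Broadcom's release table remains the authoritative check.

```python
import re
from typing import Dict, List, Tuple

# Fixed vCenter Server releases for CVE-2024-38812 as listed in the updated
# advisory: 8.0 U3d, 8.0 U2e and 7.0 U3t. Keyed by (release train, update
# number) -> first patch letter within that update that carries the fix.
FIXED_RELEASES: Dict[Tuple[str, int], str] = {
    ("8.0", 3): "d",
    ("8.0", 2): "e",
    ("7.0", 3): "t",
}

PATCHED = "patched"
VULNERABLE = "vulnerable"
UNLISTED = "unlisted"  # update train not covered by the advisory list above

# Release names as shown in the vSphere Client / Broadcom release tables,
# e.g. "8.0 U3d", "7.0U3s" or "8.0 U3" (a GA update with no patch letter).
_RELEASE_RE = re.compile(r"^\s*(\d+\.\d+)\s*U(\d+)\s*([a-z]?)\s*$", re.IGNORECASE)


def parse_release(name: str) -> Tuple[str, int, str]:
    """Split '8.0 U3d' into ('8.0', 3, 'd'); a GA update has an empty letter."""
    m = _RELEASE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised vCenter release name: {name!r}")
    return m.group(1), int(m.group(2)), m.group(3).lower()


def classify(name: str) -> str:
    """Return PATCHED, VULNERABLE or UNLISTED for one vCenter release name."""
    train, update, letter = parse_release(name)
    fixed_letter = FIXED_RELEASES.get((train, update))
    if fixed_letter is None:
        # e.g. 8.0 U1, or a train newer than the advisory: do not guess,
        # look the build up in Broadcom's release table instead.
        return UNLISTED
    # Patch letters within an update are sequential ('' for GA, then a, b, c, ...),
    # so a plain lexical compare works: 'c' < 'd' is unpatched, 'd' and later are fixed.
    return PATCHED if letter >= fixed_letter else VULNERABLE


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, release, status) for every host not confirmed patched."""
    findings = []
    for host, release in sorted(inventory.items()):
        status = classify(release)
        if status != PATCHED:
            findings.append((host, release, status))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and releases).
    sample = {
        "vcsa-prod-01": "8.0 U3d",  # updated October release, fixed
        "vcsa-prod-02": "8.0 U3c",  # earlier 8.0 U3 patch letter, still vulnerable
        "vcsa-dr-01": "7.0 U3s",    # below 7.0 U3t, still vulnerable
        "vcsa-lab-01": "8.0 U1d",   # update train not in the advisory list
    }
    for host, release, status in triage(sample):
        print(f"{host:14} {release:9} {status}")
```

    Anything reported as vulnerable includes hosts that received the September patches, since those releases sit below the letters listed above; they must be updated again rather than treated as done.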


    Context of China’s 2021 Law and Vulnerability Disclosure

    In July 2021, China enacted regulations requiring security researchers to report vulnerabilities they discover promptly to both the government and the affected vendor. Critics have warned that the rule could allow state actors to stockpile zero-day exploits and use them offensively.
