Summary: This content discusses critical-rated flaws in VMware’s vCenter Server, which could potentially lead to remote code execution if exploited by a malicious actor.
Threat Actor: Unknown | Unknown
Victim: VMware | VMware
Key Point :
- VMware has identified two critical-rated flaws in its vCenter Server, which are heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol.
- A malicious actor with network access to vCenter Server can exploit these vulnerabilities by sending a specially crafted network packet, potentially leading to remote code execution.
VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.
Announced late on Monday night, Pacific Time, the critical-rated flaws are CVE-2024-37079 and CVE-2024-37080, both of which scored 9.8 on the ten-point Common Vulnerability Scoring System v3 scale.
VMware’s security bulletin describes both of the flaws as “heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol” that mean “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution.”
DCE/RPC (which stands for Distributed Computing Environment/Remote Procedure Calls) is a means of calling a procedure on a remote machine as if it were a local machine – just the ticket when managing virtual machines.
However, the prospect of an attacker using the flaws to run code on vCenter Server and drive fleets of VMs and hosts is deeply unpleasant.
VMware has published a resource for its customers that states the Broadcom business unit “is not currently aware of exploitation ‘in the wild’.”
The good news is that patched versions of vCenter Server and Cloud Foundation are already available.
The bad news is that VMware hass not considered whether the flaws impact older versions of vSphere – meaning versions 6.5 and 6.7, which exited support in October 2022 but are still widely used, may be impacted but won’t be fixed.
Further unwelcome news is that VMware also revealed a third flaw – CVE-2024-37081 – described as “local privilege escalation vulnerabilities due to misconfiguration of sudo.” This one is rated important, with a score of 7.8, as it could mean “An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.”
The versions of vCenter Server and Coud Foundation affected by these flaws were released before Broadcom took over VMware – a tidbit we mention as some doomsayers have suggested job cuts at the virty giant could impact product quality.
VMware has tipped its hat to Matei “Mal” Badanoiu of Deloitte Romania for finding the flaws. ®
Source: https://www.theregister.com/2024/06/18/vmware_criticial_vcenter_flaws
“An interesting youtube video that may be related to the article above”