VMware has released software updates to address a previously patched security flaw in vCenter Server that could allow remote code execution.
The flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), is a heap-overflow vulnerability in the implementation of the DCE/RPC protocol.
“A malicious actor with network access to vCenter Server could exploit this vulnerability by transmitting a specially crafted network packet, potentially resulting in remote code execution,” the Broadcom-owned virtualization services provider stated.
The vulnerability was originally reported by zbl and srs of team TZL at the Matrix Cup cybersecurity competition held in China earlier this year.
“Broadcom-analyzed VMware has concluded that the vCenter patches released on September 17, 2024 did not completely resolve CVE-2024-38812,” the organization highlighted.
Patches for the vulnerability are available in the following vCenter Server versions:
- 8.0 U3d
- 8.0 U2e
- 7.0 U3t
The fix is also available as an asynchronous patch for VMware Cloud Foundation versions 5.x, 5.1.x, and 4.x. There are no known workarounds.
While there are no reports of the vulnerability being exploited in the wild, users are urged to update to the latest versions to guard against potential threats.
In July 2021, China enacted a regulation requiring that vulnerabilities discovered by researchers in the country be promptly disclosed to the government and to the product's manufacturer. This has raised concerns that the rule could help nation-state adversaries stockpile zero-days and use them to their advantage.
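Because the fix lands on three separate vCenter update lines rather than on a single "latest" version, a simple "is my version newer than X" check gets the answer wrong (an 8.0 U3a host is unpatched even though it is "newer" than the fixed 8.0 U2e). The following is an added example, not code from the article or from VMware, that triages an inventory of vCenter version strings against the fixed releases listed above. It assumes that version strings take the "major.minor Uupdate[letter]" form used in the advisory, that later patch letters on the same update line also carry the fix, and that an update line with no listed fix (for example 8.0 U1) needs an upgrade; the hostnames and versions in `SAMPLE_INVENTORY` are constructed sample data.

```python
import re

# Fixed releases from the advisory summarized above:
# (major, minor, update number) -> minimum patch letter that carries the fix.
FIXED_RELEASES = {
    (8, 0, 3): "d",  # 8.0 U3d
    (8, 0, 2): "e",  # 8.0 U2e
    (7, 0, 3): "t",  # 7.0 U3t
}

# Accepts "8.0 U3d", "8.0U3d" or "8.0 U3" (base update, no patch letter).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\s*U(\d+)([a-z]?)\s*$")


def parse_version(text):
    """Parse a vCenter version string into ((major, minor, update), patch_letter).

    Raises ValueError for anything that does not look like a vCenter version,
    so a malformed inventory entry is reported instead of silently passing.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    major, minor, update, letter = m.groups()
    return (int(major), int(minor), int(update)), letter


def is_patched(text):
    """True when the version carries the CVE-2024-38812 fix on its own update line.

    Assumption (not stated in the advisory): patch letters later than the
    listed one on the same line also include the fix.
    """
    release, letter = parse_version(text)
    required = FIXED_RELEASES.get(release)
    if required is None:
        # No fixed build on this update line (e.g. 8.0 U1, 7.0 U2): upgrade needed.
        return False
    # Patch letters compare alphabetically; '' (no letter) sorts before any letter.
    return letter >= required


def triage(inventory):
    """Given {hostname: version_string}, return the hosts still needing the fix."""
    return sorted(host for host, version in inventory.items() if not is_patched(version))


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "vc-prod-01": "8.0 U3d",   # fixed release
    "vc-prod-02": "8.0 U3c",   # one patch behind on the U3 line
    "vc-lab-01": "8.0 U2e",    # fixed release on the U2 line
    "vc-legacy-01": "7.0 U3s", # one patch behind on the 7.0 U3 line
    "vc-legacy-02": "7.0 U3t", # fixed release
    "vc-old-01": "7.0 U2",     # update line with no listed fix
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs the CVE-2024-38812 patch")
```

The per-line lookup is the point: the check keys on the update line first and only then compares the patch letter, so hosts on an older line that is already fixed are not flagged, while hosts on a newer line that has not yet reached its fixed letter are.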