October 22, 2024 at 01:05PM
VMware released a second patch for two critical vulnerabilities in vCenter Server: CVE-2024-38812 (heap overflow, CVSS 9.8) and CVE-2024-38813 (privilege escalation, CVSS 7.5). Both flaws could allow remote code execution and administrative access, prompting urgent patching. No known exploits exist, but attackers target VMware systems extensively.
### Meeting Takeaways
1. **Critical Bugs in vCenter Server**: VMware has released a second patch for two critical vulnerabilities in vCenter Server, following an initial patch that failed to resolve the issues.
2. **Details of the Vulnerabilities**:
– **CVE-2024-38812**:
– Severity: Critical (CVSS score: 9.8/10)
– Affects: vCenter versions 7.0.3, 8.0.2, and 8.0.3, as well as earlier versions of vSphere and VMware Cloud Foundation.
– Exploit Method: Allows remote code execution (RCE) through a specially crafted network packet without user interaction.
– **CVE-2024-38813**:
– Severity: High (CVSS score: 7.5/10)
– Nature: Privilege escalation vulnerability, allowing network-accessible users to send crafted packets to gain root access.
3. **No Workarounds Available**: Both vulnerabilities do not have any workarounds, making immediate patching critical.
4. **Importance of Patching**: Broadcom advises all customers to promptly apply the patches detailed in the Response Matrix to prevent potential exploitation.
5. **Security Implications**: The combination of these flaws could enable an attacker to remotely execute code and escalate privileges, posing significant risk due to VMware’s extensive usage in organizations.
6. **Current Exploitation Status**: Broadcom has stated that it is not aware of any exploitation “in the wild,” but emphasizes the importance of swift patching.
7. **Discovery of Vulnerabilities**: The bugs were discovered by researchers Zbl and srs from Team TZL at Tsinghua University during the Matrix Cup Cyber Security Competition in June.
8. **Background on Cyber Threats**: Ransomware gangs and nation-state actors are known to target VMware systems, highlighting the urgent need for security measures.
### Action Items
– **Immediate Patching**: Ensure that all relevant systems are updated with the latest patches to mitigate the vulnerabilities.
– **Monitor for Updates**: Stay informed on any new developments or security advisories from VMware/Broadcom.
– **Review Security Practices**: Evaluate current security protocols related to VMware systems in light of recent vulnerabilities.