VMware fixes critical vCenter RCE vulnerability, patch now

June 18, 2024 at 02:11PM

VMware has issued a security advisory for critical vulnerabilities in vCenter Server, impacting versions 7.0 and 8.0, and Cloud Foundation versions 4.x and 5.x. The vulnerabilities include remote code execution and local privilege escalation flaws. The vendor has released fixes for the vulnerabilities and advises applying updates promptly to mitigate potential risks.

Summary:

VMware has released a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. The vulnerabilities include heap-overflow issues in the DCERPC protocol implementation, which allow remote code execution, and a misconfiguration of sudo, which enables local privilege escalation. These flaws impact VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x.

Security updates have been issued in VMware vCenter Server 8.0 U2d, 8.0 U1e, and 7.0 U3r, along with patches for Cloud Foundation delivered through KB88287. Applying the updates may cause temporary unavailability of the vSphere Client and other management interfaces.
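As an added example (not from the article or from VMware), the following helper compares an installed vCenter release designation against the three fixed releases named above and reports whether it is patched, still vulnerable, or outside the lines the advisory summary covers. It assumes the "major.minor U<n><letter>" naming used in the text, with letters ordered alphabetically within an update line; release lines not named above (for example a later update line) are reported as "unknown" rather than guessed.

```python
import re
from typing import Tuple

# Fixed releases named in the advisory summary: the earliest build in each
# release line that carries the fix. Key: (major, minor, update) -> letter.
FIXED_RELEASES = {
    (7, 0, 3): "r",  # 7.0 U3r
    (8, 0, 1): "e",  # 8.0 U1e
    (8, 0, 2): "d",  # 8.0 U2d
}

# Assumed designation format: "8.0 U2d", "7.0 U3", "8.0" (GA, no update).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """Parse '8.0 U2c' -> (8, 0, 2, 'c'); '7.0' (GA, no update) -> (7, 0, 0, '')."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    major, minor, update, letter = m.groups()
    return int(major), int(minor), int(update or 0), (letter or "").lower()


def patch_status(installed: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for an installed release.

    'unknown' is returned for trains or update lines the advisory summary does
    not name (e.g. 6.7, or an update line newer than every fixed one), where
    this check cannot decide and the vendor advisory must be consulted.
    """
    major, minor, update, letter = parse_version(installed)
    same_train = [k for k in FIXED_RELEASES if k[:2] == (major, minor)]
    if not same_train:
        return "unknown"
    if update > max(k[2] for k in same_train):
        return "unknown"  # newer update line than any fixed release listed
    fixed_letter = FIXED_RELEASES.get((major, minor, update))
    if fixed_letter is None:
        return "vulnerable"  # older update line than the fixed ones, e.g. 7.0 U2
    # Same update line: the GA build ('') and earlier letters predate the fix.
    return "patched" if letter >= fixed_letter else "vulnerable"


if __name__ == "__main__":
    for v in ("8.0 U2c", "8.0 U2d", "7.0 U3r", "7.0 U2", "8.0 U3"):
        print(f"{v:>8}: {patch_status(v)}")
```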

A precheck is recommended to address an issue with custom ciphers in 7.0 U3r, and VMware advises applying the updates because there are no viable in-product workarounds or mitigations. While no active exploitation of the vulnerabilities has been detected, admins should act swiftly, as vCenter flaws are commonly targeted by threat actors.