September 17, 2024 at 04:00PM
Broadcom has addressed a critical VMware vCenter Server vulnerability (CVE-2024-38812) that allows unauthenticated remote attackers to achieve remote code execution through a heap overflow weakness in vCenter’s DCE/RPC protocol. Security patches are available, with the company advising administrators to apply the updates listed in the VMware Security Advisory to protect their organizations.
Key takeaways:
1. Broadcom has addressed a critical vulnerability (CVE-2024-38812) in VMware vCenter Server that allows unauthenticated attackers to exploit a heap overflow weakness in the DCE/RPC protocol implementation, potentially leading to remote code execution on unpatched servers.
2. The vulnerability also affects products containing vCenter, including VMware vSphere and VMware Cloud Foundation.
3. Security patches addressing this vulnerability are now available through standard vCenter Server update mechanisms.
4. An official workaround for the CVE-2024-38812 vulnerability is not available, and administrators who are unable to immediately apply security updates are advised to strictly control network perimeter access to vSphere management components and interfaces.
5. Broadcom has not identified any evidence of the CVE-2023-34048 RCE bug being actively exploited in attacks.
6. Today, the company also addressed a high-severity privilege escalation vulnerability (CVE-2024-38813) that could allow threat actors to gain root privileges on vulnerable servers.
7. In January, Broadcom disclosed that a Chinese hacking group, tracked as UNC3886 by security firm Mandiant, had been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021 to deploy backdoors on ESXi hosts via maliciously crafted vSphere Installation Bundles (VIBs).