November 18, 2024 at 02:00PM
Broadcom has warned that two VMware vCenter Server vulnerabilities, CVE-2024-38812 (a critical remote code execution flaw) and CVE-2024-38813 (a privilege escalation flaw), are being actively exploited. Customers are urged to apply new security updates to mitigate risks, as no workarounds are available for these vulnerabilities.
### Meeting Takeaways
1. **Active Exploitation of Vulnerabilities**: Broadcom reported that attackers are exploiting two critical vulnerabilities in VMware vCenter Server:
– **CVE-2024-38812**: A critical remote code execution (RCE) vulnerability caused by a heap overflow in vCenter’s DCE/RPC protocol implementation.
– **CVE-2024-38813**: A privilege escalation flaw that allows attackers to gain root access using specially crafted network packets.
2. **Origin and Reporting**: The vulnerabilities were identified by TZL security researchers during the China 2024 Matrix Cup hacking contest.
3. **Security Patch Status**:
– Initial security updates were released in September, but further issues were identified afterwards, in particular that the original patch for CVE-2024-38812 was insufficient.
– Broadcom has issued a strong recommendation for administrators to apply the new updates immediately since no effective workarounds exist.
4. **Supplemental Advisory**: Broadcom provided additional information on how to implement the security updates and noted potential issues for those who have already upgraded.
5. **Historical Context**:
– A similar vulnerability (CVE-2024-37079) was addressed in June.
– Attackers, notably ransomware gangs and state-sponsored groups, have a history of targeting VMware vCenter vulnerabilities, such as the exploitation of CVE-2023-34048 by Chinese state hackers to deploy backdoors on ESXi hosts.
6. **Action Required**: Impacted customers must prioritize the application of the latest security updates to mitigate risks associated with these vulnerabilities.