Broadcom has mounted a important VMware vCenter Server vulnerability that attackers can exploit to achieve distant code execution on unpatched servers through a community packet.
vCenter Server is the central administration hub for VMware’s vSphere suite, serving to directors handle and monitor virtualized infrastructure.
The vulnerability (CVE-2024-38812), reported by TZL safety researchers throughout China’s 2024 Matrix Cup hacking contest, is brought on by a heap overflow weak spot in vCenter’s DCE/RPC protocol implementation. It additionally impacts merchandise containing vCenter, together with VMware vSphere and VMware Cloud Basis.
Unauthenticated attackers can exploit it remotely in low-complexity assaults that do not require consumer interplay “by sending a specifically crafted community packet probably resulting in distant code execution.”
Safety patches addressing this vulnerability at the moment are accessible by way of the usual vCenter Server replace mechanisms.
“To make sure full safety for your self and your group, set up one of many replace variations listed within the VMware Safety Advisory,” the corporate mentioned.
“Whereas different mitigations could also be obtainable relying in your group’s safety posture, defense-in-depth methods, and firewall configurations, every group should consider the adequacy of those protections independently.”
Not exploited in assaults
Broadcom says it has not discovered proof that the CVE-2023-34048 RCE bug is presently exploited in assaults.
Admins who’re unable to right away apply at present’s safety updates ought to strictly management community perimeter entry to vSphere administration parts and interfaces, together with storage and community parts, as an official workaround for this vulnerability is unavailable.
At present, the corporate additionally patched a high-severity privilege escalation vulnerability (CVE-2024-38813) that risk actors can leverage to achieve root privileges on susceptible servers through a specifically crafted community packet.
In June, it mounted the same vCenter Server distant code execution vulnerability (CVE-2024-37079) that may be exploited through specifically crafted packets.
In January, Broadcom disclosed {that a} Chinese language hacking group has been exploiting a important vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at the very least late 2021.
The risk group (tracked as UNC3886 by safety agency Mandiant) used it to breach susceptible vCenter servers to deploy VirtualPita and VirtualPie backdoors on ESXi hosts through maliciously crafted vSphere Set up Bundles (VIBs).