
Broadcom confirms active exploitation of two vulnerabilities in VMware vCenter Server

Take action: This is now an urgent advisory - If you are running VMware vCenter Server, make sure the vSphere management components are accessible only from a trusted network and isolated from public access. And patch ASAP, because the flaws have been well researched and are actively attacked.



Broadcom is reporting active exploitation of two vulnerabilities in VMware vCenter Server, including a critical remote code execution flaw. These vulnerabilities were initially discovered during China's 2024 Matrix Cup hacking contest by TZL security researchers.

The primary vulnerabilities under attack are:

  • CVE-2024-38812 (CVSS score 9.8) - Remote Code Execution caused by a heap overflow weakness in vCenter's DCE/RPC protocol implementation; an attacker with network access can trigger it with specially crafted network packets.
  • CVE-2024-38813 (CVSS score 7.5) - Privilege Escalation that allows an attacker with network access to escalate privileges to root via specially crafted network packets.

The vulnerabilities affect multiple VMware products, including VMware vSphere and VMware Cloud Foundation (versions 4 and 5). While Broadcom released initial security updates in September 2024, it later acknowledged that the original patches did not fully address the vulnerabilities, necessitating additional updates in October.

No workarounds are available for these vulnerabilities; the only effective mitigation is to apply the latest security updates immediately. Broadcom has released a supplemental advisory with detailed patch deployment instructions.
