VMware reports critical issues in vCenter and Cloud Foundation
Take action: If you are using VMware vCenter Server or Cloud Foundation, first make sure they are isolated from the internet. If they are exposed to the internet, patch immediately. If not, you have a bit more time for a systematic patch rollout.
Learn More
VMware has issued a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.
If exploited, these vulnerabilities could allow attackers to execute remote code on affected systems.
Critical Severity Vulnerabilities:
Heap-Overflow Vulnerabilities - These vulnerabilities exist in the implementation of the DCERPC protocol within the vCenter Server. They have been rated with a maximum CVSSv3 base score of 9.8, indicating critical severity. A malicious actor with network access to the vCenter Server can exploit these vulnerabilities by sending specially crafted network packets, potentially leading to remote code execution.
- CVE-2024-37079 (CVSS score 9.8)
- CVE-2024-37080 (CVSS score 9.8)
High Severity Vulnerabilities:
- CVE-2024-37081 (CVSS score 7.8) - Local Privilege Escalation Vulnerability - This vulnerability is due to a misconfiguration of sudo in the vCenter Server, allowing an authenticated local user with non-administrative privileges to elevate their privileges to root on the vCenter Server Appliance. It has a CVSSv3 base score of 7.8, categorized as important.
Organizations using VMware vCenter Server are urged to apply the necessary patches immediately to mitigate these critical vulnerabilities.
- vCenter Server 8.0 is patched in version 8.0 U2d and 8.0 U1e
- vCenter Server 7.0 is patched in version 7.0 U3r
- Cloud Foundation (vCenter Server) 5.x is patched with patch KB88287
- Cloud Foundation (vCenter Server) 4.x is patched with patch KB88287
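The patched-version list above is easy to misread, because vCenter 8.0 has two separately maintained update lines (U1 and U2) and a build on the newer line can still be unpatched (8.0 U2a is older than 8.0 U2d even though it is "newer" than 8.0 U1e). The following is an added example, not VMware's code or tooling, that classifies "major.minor Ux<letter>" version strings against the fixed versions named in this advisory. The version-string format, the hostnames and the inventory are assumptions constructed for the example; real build numbers are not handled, and an update line the advisory does not list is reported as "unknown" rather than guessed.

```python
import re
from typing import Dict, List, Tuple

# Fixed versions as listed in VMSA-2024-0012 (taken from the advisory text above),
# keyed by major.minor train: (update number, hotfix letter).
# 8.0 has two separately patched update lines: U1e and U2d.
FIXED_VERSIONS = {
    "8.0": [(1, "e"), (2, "d")],
    "7.0": [(3, "r")],
}

# Assumed version-string convention, e.g. "8.0 U2d", "7.0 U3r", "8.0".
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+)\s*(?:U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[str, int, str]:
    """Parse '8.0 U2d' into ('8.0', 2, 'd').

    A bare '8.0' parses as update 0 with an empty letter; '8.0 U2' parses as
    update 2 with an empty letter, which sorts before '8.0 U2a'.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    train, update, letter = m.group(1), m.group(2), m.group(3)
    return train, int(update) if update else 0, (letter or "").lower()


def patch_status(version: str) -> str:
    """Classify a vCenter version against the advisory's fixed versions.

    Returns 'patched', 'unpatched', or 'unknown' (a train or update line the
    advisory does not list, to be checked against VMware's own release notes).
    """
    train, update, letter = parse_version(version)
    fixes = FIXED_VERSIONS.get(train)
    if fixes is None:
        return "unknown"
    for fixed_update, fixed_letter in fixes:
        if update == fixed_update:
            # Same update line: compare hotfix letters ('' < 'a' < 'b' < ...).
            return "patched" if letter >= fixed_letter else "unpatched"
    # Not on a listed update line: anything below the highest fixed update
    # line is unpatched; anything above it is a line this advisory does not cover.
    highest = max(u for u, _ in fixes)
    return "unpatched" if update < highest else "unknown"


def report(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (hostname, version) pair in an inventory to its patch status."""
    return {host: patch_status(ver) for host, ver in inventory}


# Constructed sample inventory (hypothetical hosts), e.g. exported from a CMDB.
SAMPLE_INVENTORY = [
    ("vcsa-prod-01.example.internal", "8.0 U2d"),
    ("vcsa-prod-02.example.internal", "8.0 U2a"),
    ("vcsa-lab.example.internal", "7.0 U3q"),
    ("vcsa-new.example.internal", "8.0 U3"),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Anything reported as "unpatched" should be treated as exposed to the DCERPC heap-overflow and sudo issues described above; "unknown" means the version sits on a line the advisory does not mention, so confirm it against VMware's release notes rather than assuming it is fixed.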