Immediate Action Required: High-Risk Vulnerabilities Discovered in VMware vCenter Server
Broadcom, the parent company of VMware, maker of the virtualization management product vCenter Server, recently disclosed two critical security flaws in that software. The vulnerabilities were disclosed last night, prompting an immediate call for enterprises running VMware Cloud Foundation and VMware vSphere to upgrade without delay.
vCenter Server is an essential management tool for virtual machines and hosts within the Cloud Foundation and vSphere suites, relied upon by nearly all enterprises utilizing these products. The vulnerabilities identified by Broadcom are tagged as CVE-2024-37079 and CVE-2024-37080, each with a CVSS 3.0 rating of 9.8 out of 10, indicating a severe level of threat.
To avoid aiding attackers against enterprises that have not yet upgraded, Broadcom has opted not to release detailed information about these vulnerabilities. It did note that both issues are stack overflow vulnerabilities in the DCE/RPC (Distributed Computing Environment / Remote Procedure Call) protocol implementation. An attacker with network access to vCenter Server could exploit them by sending specially crafted network packets, achieving remote code execution.
While there is no evidence to suggest these vulnerabilities were exploited before Broadcom's patch, it is clear that hackers will soon start probing for these weaknesses. Enterprises that fail to promptly upgrade to the latest version may face significant security risks.
It's important to note that older versions of vSphere, including 6.5 and 6.7, have ceased support and thus will not receive security updates. Broadcom has not specified whether these versions are affected by the vulnerabilities, but continuing to use unsupported versions will only increase security risks.
Broadcom also patched a third vulnerability, CVE-2024-37081, with a severity rating of 7.8. This flaw, a misconfiguration in sudo settings, could allow non-administrative users to elevate their privileges to administrator level, bypassing security controls.