VMware vCenter Server RCE vulnerability patched by Broadcom

Researchers find a critical vulnerability affecting multiple VMware products


VMware vCenter Server, Broadcom’s central management hub for the VMware vSphere suite, had a critical-severity vulnerability that allowed threat actors to remotely execute malicious code on unpatched servers.

The exploit involves a low-complexity attack that can be pulled off without victim interaction. VMware vSphere is a virtualization platform that allows admins to create and manage virtual machines and computing resources in a data center.

Its central management hub, vCenter Server, was vulnerable to a heap-overflow bug in the implementation of the DCERPC protocol, a flaw that is now tracked as CVE-2024-38812. It was given a severity score of 9.8/10 (critical), and was recently patched.

Patches and workarounds

VMware Cloud Foundation was reported to be vulnerable to the same bug as well. VMware Cloud Foundation is an integrated software platform that combines VMware’s compute, storage, and network virtualization products with management and automation tools to create a unified hybrid cloud infrastructure.

The bug was discovered by cybersecurity researchers TZL, during China’s 2024 Matrix Cup hacking contest. As per the researchers, a malicious actor could theoretically send a specially crafted network packet, which could lead to remote code execution.

Broadcom, VMware’s parent company, recently released a fix and is urging users to apply it immediately.

“To ensure full protection for yourself and your organization, install one of the update versions listed in the VMware Security Advisory,” the company said. “While other mitigations may be available depending on your organization’s security posture, defense-in-depth strategies, and firewall configurations, each organization must evaluate the adequacy of these protections independently.”

If applying the patch is not an option right now, make sure you tightly control network perimeter access to vSphere management components and interfaces. The good news is that there is no evidence of in-the-wild abuse yet. However, now that the news is out, it is only a matter of time before hackers start scanning for vulnerable endpoints.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.