Ethical Hacking News

Critical VMware vCenter RCE Bug Exploited After Broadcom's Patch Fumble: A Stark Reminder of the Risks Associated with Third-Party Software

  • The critical heap-overflow vulnerability CVE-2024-38812 in VMware's vCenter Server has been exploited in the wild after Broadcom's initial attempt to patch it fell short.
  • The bug carries a severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) and can be exploited by an attacker with network access to remotely execute malicious code.
  • Another critical vulnerability, CVE-2024-38813, has also been exploited after Broadcom's initial patch attempt, carrying a severity rating of 7.5 on the CVSS scale.
  • Exploitation occurred even though Broadcom had issued updated patches in October, after acknowledging that the original patches did not completely address the flaws.
  • Organizations that rely on vCenter Server should take immediate action to address these vulnerabilities and ensure their systems are up-to-date with the latest patches.



In a disturbing development, a critical heap-overflow vulnerability in VMware's vCenter Server has been exploited in the wild after Broadcom's initial attempt to patch it fell short. This bug, identified as CVE-2024-38812, carries a severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), making it one of the most critical vulnerabilities discovered recently.

The vulnerability lies in vCenter Server's handling of the Distributed Computing Environment/Remote Procedure Calls (DCERPC) protocol and can be exploited by an attacker with network access, potentially allowing them to remotely execute malicious code on a vulnerable system. This bug affects versions 7 and 8 of vCenter Server and versions 4 and 5 of VMware Cloud Foundation.

Furthermore, CVE-2024-38813, another critical vulnerability in the handling of the DCERPC protocol, has also been exploited after Broadcom's initial patch attempt. This vulnerability carries a severity rating of 7.5 on the CVSS scale and can be exploited by an attacker with network access to escalate privileges to root.

Exploitation of both vulnerabilities occurred after Broadcom issued updated patches in October, having acknowledged that the original patches did not completely address the flaws. It has since been confirmed that exploitation has indeed occurred in the wild for both CVE-2024-38812 and CVE-2024-38813.

This highlights the importance of timely patching and vulnerability management in maintaining the security of critical systems like vCenter Server. Organizations that rely on vCenter Server to manage their virtual infrastructure should take immediate action to address these vulnerabilities and ensure that their systems are up-to-date with the latest patches.

The exploitation of this vulnerability also serves as a stark reminder of the risks associated with relying on third-party software, such as VMware's vCenter Server. As seen in previous instances, critical flaws like these can be exploited by malicious actors, leading to severe consequences, including data breaches and system compromise.

In light of this development, it is essential for organizations to prioritize vulnerability management and patching, ensuring that their systems are protected against the latest threats. Furthermore, Broadcom's failure to completely address these vulnerabilities in its initial patches underscores the need for careful testing and validation of security patches before release.

The fact that exploitation has occurred in the wild also raises concerns about the effectiveness of Broadcom's patching efforts and highlights the importance of continuing to monitor for exploitation reports and follow-up advisories after a patch has been applied.

In conclusion, the critical heap-overflow vulnerability in VMware vCenter Server and its subsequent exploitation after Broadcom's patch fumble serve as a stark reminder of the risks associated with relying on third-party software. It is crucial that organizations prioritize vulnerability management and patching to protect themselves against such threats.



    Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-38812

  • https://www.cvedetails.com/cve/CVE-2024-38812/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-38813

  • https://www.cvedetails.com/cve/CVE-2024-38813/


Published: Mon Nov 18 17:03:16 2024 by llama3.2 3B Q4_K_M