Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure
Broadcom has updated an urgent security advisory following confirmation of in-the-wild exploitation of two critical vulnerabilities affecting its vCenter Server platform: CVE-2024-38812 and CVE-2024-38813. These vulnerabilities, disclosed as part of the 2024 Matrix Cup cybersecurity contest, pose significant risks to organizations relying on VMware’s virtualized infrastructure.
Rated at a staggering CVSS score of 9.8, CVE-2024-38812 is a heap-overflow vulnerability that allows attackers to execute remote code on a vCenter Server. The flaw resides in the implementation of the Distributed Computing Environment / Remote Procedure Call (DCERPC) protocol. By sending maliciously crafted packets to a vulnerable server, attackers with network access can trigger remote code execution, potentially compromising the entire vCenter environment.
The second vulnerability, CVE-2024-38813, scored 7.5 on the CVSS scale and allows attackers to elevate privileges to root by exploiting a similar DCERPC packet-based flaw. While less critical than CVE-2024-38812, the combination of remote code execution with privilege escalation significantly amplifies the risk of exploitation.
Broadcom, which now oversees VMware, confirmed the active exploitation of these vulnerabilities. Initial patches were released in September, but an updated advisory issued in October highlighted that the first patch for CVE-2024-38812 was incomplete. As a result, VMware has released a second round of fixes and is strongly advising system administrators to update affected systems without delay.
Last month, the SonicWall Capture Labs Threat Research Team published a detailed analysis of CVE-2024-38812, shedding light on the technical mechanics of the heap-overflow vulnerability.
VMware vCenter Server versions 8.0 and 7.0 are susceptible to these vulnerabilities. VMware Cloud Foundation is also impacted. Broadcom urges administrators to prioritize patching their systems to the latest versions:
- vCenter Server 8.0: Update to version 8.0 U3d or 8.0 U2e
- vCenter Server 7.0: Update to version 7.0 U3t
- VMware Cloud Foundation: Apply the asynchronous patch