Broadcom Warns of High-Risk VMware HCX Vulnerability (CVE-2024-38814)


In a recent security advisory, Broadcom disclosed a SQL injection vulnerability (CVE-2024-38814) in VMware HCX, the component used in multi-cloud infrastructures to migrate applications between sites and to provide disaster recovery. Broadcom rates the flaw at CVSS 8.8 and places it in its “Important” severity range, meaning it should be treated as a high-priority fix if the affected versions are deployed.

The vulnerability was privately reported to VMware. It is an authenticated SQL injection flaw: the attacker needs a valid HCX account, but that account does not need administrator privileges. As the advisory puts it, “a malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager.” In practice, any account that can log in to HCX Manager is in scope, and because the manager orchestrates migrations and site pairings, code execution on it exposes the connected environments it manages, not just the appliance itself; data theft and service disruption are the obvious outcomes.
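To make the bug class concrete, the following is an added illustration and not HCX's code: a hypothetical request handler that splices a caller-supplied filter into a SQL statement, beside a parameterized version of the same query. The tables, rows, column names and the `list_migrations_*` functions are all invented for this example; the in-memory SQLite database stands in for an appliance's backing store. The advisory does not say how the injection is escalated to code execution on HCX Manager, and that step depends on the database engine's features, so the example stops at what any SQL injection gives an attacker directly: reading data the caller's role should not see.

```python
import sqlite3

# Constructed sample data: two tables standing in for an appliance's store.
# Names and rows are made up for this example and are not HCX's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute(
        "CREATE TABLE migrations (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    cur.execute("CREATE TABLE users (username TEXT, role TEXT, api_token TEXT)")
    cur.executemany(
        "INSERT INTO migrations (name, owner) VALUES (?, ?)",
        [("web-tier", "alice"), ("db-tier", "bob")],
    )
    cur.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "administrator", "tok-admin-secret"),
         ("alice", "operator", "tok-alice")],
    )
    conn.commit()
    return conn


def list_migrations_vulnerable(conn, caller, name_filter):
    """Hypothetical vulnerable handler.

    `caller` is the authenticated, non-admin user; `name_filter` is a value the
    same user controls. Both are spliced into the statement as text, so the
    string quoting, not the caller's role, is the only thing scoping the query.
    """
    sql = (
        "SELECT name, owner FROM migrations "
        f"WHERE owner = '{caller}' AND name LIKE '%{name_filter}%'"
    )
    return conn.execute(sql).fetchall()


def list_migrations_fixed(conn, caller, name_filter):
    """Same query with bound parameters: the driver sends the values out of band,
    so a quote or comment sequence in `name_filter` is matched literally."""
    sql = "SELECT name, owner FROM migrations WHERE owner = ? AND name LIKE ?"
    return conn.execute(sql, (caller, f"%{name_filter}%")).fetchall()


# A filter value that closes the LIKE literal, appends a UNION against a table
# the operator role should never read, and comments out the rest of the line.
PAYLOAD = "' UNION SELECT username, api_token FROM users --"


def demo():
    conn = make_db()
    leaked = list_migrations_vulnerable(conn, "alice", PAYLOAD)
    safe = list_migrations_fixed(conn, "alice", PAYLOAD)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable handler returned:", leaked)  # includes users' api_token values
    print("parameterized handler returned:", safe)  # []
```

The vulnerable path returns the admin's `api_token` alongside alice's own migration because the injected `UNION` has the same column count as the original `SELECT`; the parameterized path returns nothing, since no migration name contains the literal payload string. Note that the attacker here is exactly the profile the advisory describes: authenticated, but not an administrator.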

VMware credits Sina Kheirkhah of the Summoning Team, working with Trend Micro’s Zero Day Initiative (ZDI), for discovering and reporting the vulnerability.

The advisory lists three affected release lines of VMware HCX: 4.10.x, 4.9.x, and 4.8.x. To remediate, VMware directs customers to the first fixed build on each line:

  • VMware HCX 4.10.x: Update to version 4.10.1
  • VMware HCX 4.9.x: Update to version 4.9.2
  • VMware HCX 4.8.x: Update to version 4.8.3

VMware stresses that patching is the only remediation, as no workarounds are available for this vulnerability. “To remediate CVE-2024-38814 apply the patches,” the advisory states. Organizations running any of the listed lines should plan the upgrade promptly rather than rely on compensating controls.
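For triaging an inventory against the fix list above, here is an added helper (not from the advisory or from VMware) that maps an HCX Manager version string to its release line and reports whether it is at or past the fixed build. The version strings in `SAMPLE_INVENTORY` are constructed for the example; the only real data are the three fixed versions quoted from the advisory. A line the advisory does not list (for example a 4.7.x build) is reported as "not-listed" rather than as safe, because the advisory says nothing about it.

```python
# Fixed builds per release line, as stated in the advisory for CVE-2024-38814.
FIXED_VERSIONS = {
    "4.10": "4.10.1",
    "4.9": "4.9.2",
    "4.8": "4.8.3",
}


def parse_version(version):
    """Turn '4.10.1' into (4, 10, 1) so lines compare numerically, not as text
    (as text, '4.9' would sort after '4.10')."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def patch_status(version):
    """Return 'patched', 'vulnerable' or 'not-listed' for one HCX version."""
    parts = parse_version(version)
    line = f"{parts[0]}.{parts[1]}"
    fixed = FIXED_VERSIONS.get(line)
    if fixed is None:
        # The advisory is silent on this line; do not assume it is safe.
        return "not-listed"
    # Pad so '4.10' (no patch digit) compares as 4.10.0.
    padded = parts + (0,) * (3 - len(parts))
    return "patched" if padded >= parse_version(fixed) else "vulnerable"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "hcx-site-a": "4.10.0",
    "hcx-site-b": "4.10.1",
    "hcx-site-c": "4.9.1",
    "hcx-site-d": "4.8.3",
    "hcx-lab": "4.7.4",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:8} {status}")
```

The numeric comparison matters: a naive string compare would rank 4.9.2 above 4.10.1 and misclassify every 4.10.0 appliance as patched.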
