CVE-2024-37079, CVE-2024-37080: Critical VMware vCenter Server Vulnerabilities Demand Immediate Action
In a security advisory released today, Broadcom revealed multiple critical vulnerabilities in VMware vCenter Server, the widely used virtualization management platform. The flaws, identified as CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081, expose vCenter Server to remote code execution and local privilege escalation attacks.
Critical Heap-Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
The first set of vulnerabilities, identified as CVE-2024-37079 and CVE-2024-37080, consists of heap-overflow flaws in the DCERPC protocol implementation. With a maximum CVSSv3 base score of 9.8, these vulnerabilities fall into the Critical severity range.
A malicious actor with network access to vCenter Server can exploit these vulnerabilities by sending specially crafted network packets. This could potentially lead to remote code execution, giving attackers the ability to execute arbitrary code on the affected systems. The implications of such an exploit are far-reaching, potentially compromising the entire virtual infrastructure managed by the vulnerable vCenter Server.
Local Privilege Escalation Vulnerabilities (CVE-2024-37081)
In addition to the heap-overflow vulnerabilities, VMware vCenter Server also contains multiple local privilege escalation vulnerabilities due to misconfiguration of the sudo utility. This issue is tracked as CVE-2024-37081 and carries a CVSSv3 base score of 7.8, placing it in the Important severity range.
An authenticated local user with non-administrative privileges can exploit these vulnerabilities to gain root access on the vCenter Server Appliance. This elevation of privileges could allow the user to perform unauthorized actions, further compromising the security of the virtual environment.
Affected Versions and Available Fixes
The vulnerabilities impact several versions of VMware vCenter Server:
- vCenter Server 7.0 and 8.0
- Cloud Foundation (vCenter Server) versions 4.x and 5.x
VMware has released updates to mitigate these vulnerabilities. The fixed versions are:
Mitigation and Recommendations
VMware has acted swiftly to address these vulnerabilities by releasing the aforementioned updates. Users and administrators of vCenter Server and Cloud Foundation are strongly advised to apply these updates immediately to protect their systems from potential exploitation.