Critical Vulnerabilities Found in VMware vCenter Server and Cloud Foundation

Several critical remote code execution (RCE) vulnerabilities have recently been discovered in VMware vCenter Server and Cloud Foundation products. These vulnerabilities can be triggered by remote attackers who craft and send specific network packets to the vCenter Server via the DCERPC protocol. Successful exploitation could grant them remote code execution capabilities and allow them to control your systems completely.


Vulnerability Details

Multiple vulnerabilities have been identified, including CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081. These vulnerabilities can potentially grant attackers the ability to execute malicious code on affected systems.

CVE-2024-37079 and CVE-2024-37080 – Heap-overflow vulnerabilities in the DCERPC protocol implementation of vCenter Server. They allow a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution.

CVE-2024-37081 – This vulnerability arises from a misconfiguration of sudo in the vCenter Server. An authenticated local user can exploit this flaw to elevate their privileges to root on the vCenter Server Appliance.

Affected Products

vCenter Server versions 7.0 and 8.0 are at risk, along with Cloud Foundation versions 4.x and 5.x.

Solution

Security updates are available in VMware vCenter Server 8.0 U2d, 8.0 U1e, and 7.0 U3r. For Cloud Foundation, patches were pushed through KB88287. Remediate these critical vulnerabilities with tools like SanerNow to avoid being attacked.

Impact

The potential impact of these vulnerabilities is severe. A successful attack could allow attackers to steal sensitive data, deploy ransomware, or disrupt critical operations.


VMware has released security patches to address these vulnerabilities. There is no time to waste; updating to the latest version is critical to ensure your systems are protected.

Here’s what you should do

Identify Affected Systems – Check your vCenter Server and Cloud Foundation versions to determine whether they are vulnerable, using vulnerability scanning tools like SanerNow.

Download and Apply Patches – Download the latest patches and apply them to all affected systems as soon as possible.
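
The version check from the steps above, as an added example that is not from the original article or from VMware: it parses vCenter release labels and compares them with the fixed releases listed under Solution. The hostnames and inventory are constructed, and treating update lines newer than the highest fixed one as fixed is an assumption.

```python
import re

# Fixed vCenter Server releases named in the article: 8.0 U2d, 8.0 U1e, 7.0 U3r.
# Keyed by (branch, update line) -> first fixed patch letter on that line.
FIXED = {("8.0", 2): "d", ("8.0", 1): "e", ("7.0", 3): "r"}

LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.I)

def parse_label(label):
    """Split '8.0 U2c' into ('8.0', 2, 'c'); a bare '8.0' is update line 0."""
    m = LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    return m.group(1), int(m.group(2) or 0), (m.group(3) or "").lower()

def triage(label):
    """Return 'fixed', 'vulnerable' or 'unknown' for a vCenter release label."""
    branch, update, patch = parse_label(label)
    lines = {u: p for (b, u), p in FIXED.items() if b == branch}
    if not lines:
        return "unknown"      # branch is not covered by the article
    if update in lines:
        # Same update line: patch letters sort alphabetically, no letter sorts lowest.
        return "fixed" if patch >= lines[update] else "vulnerable"
    if update > max(lines):
        return "fixed"        # assumption: later update lines carry the fix forward
    return "vulnerable"       # older update line with no fixed release listed

def report(inventory):
    """Map each hostname in a {hostname: release label} inventory to its status."""
    return {host: triage(label) for host, label in inventory.items()}

# Constructed sample inventory; hostnames and deployed versions are illustrative.
SAMPLE = {
    "vc-prod-01": "8.0 U2c",
    "vc-prod-02": "8.0 U1e",
    "vc-lab-01": "7.0 U3q",
    "vc-lab-02": "7.0 U2",
    "vc-old-01": "6.7 U3",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:8} {status}")
```

Hosts reported as "unknown" run a branch the article does not list and need to be checked against the vendor advisory directly.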


Patch Critical Risks Instantly with SanerNow

SanerNow Patch Management automatically deploys patches to all the critical risks detected. It supports all major OSs and 550+ third-party applications.

You will have a non-production environment where you can test your patches before deploying them in the main production environment. SanerNow also supports a rollback feature in case of system disruptions.

Schedule a demo and keep your systems updated and secure with SanerNow: Schedule here
