Critical Vulnerability Affecting VMware vCenter Server and VMware Cloud Foundation

Update timeline

1. identified Nov 19, 2024, 10:06 AM UTC

   Pulsant Cyber Security are aware of Critical Vulnerabilities impacting VMware vCenter Server and VMware Cloud Foundation. These include a heap-overflow vulnerability (CVE-2024-38812) with a CVSSv3 score of 9.8, and a privilege escalation vulnerability (CVE-2024-38813) with a CVSSv3 score of 7.5. Exploitation of these vulnerabilities has been observed in the wild. Impacted Products: VMware vCenter Server (versions 7.0, 8.0) VMware Cloud Foundation (versions 4.x, 5.x, 5.1.x) Vulnerability Details: Heap-overflow vulnerability in vCenter Server (CVE-2024-38812): Severity: Critical (CVSSv3 9.8) Description: This vulnerability in the DCERPC protocol allows remote code execution when an attacker with network access sends a specially crafted packet to vCenter Server. Resolution: Immediate application of the latest patches from the "Response Documentation" is essential. Privilege escalation vulnerability in vCenter Server (CVE-2024-38813): Severity: Important (CVSSv3 7.5) Description: This vulnerability can enable an attacker to escalate privileges to root by sending a specially crafted packet to vCenter Server. Resolution: Application of the latest patches from the "Response Documentation" is required to remediate this issue. Response Documentation : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

2. resolved Jan 15, 2025, 08:56 AM UTC

   This incident has been resolved.