#Broadcom has released software updates to fix a critical vulnerability in #VMware #vCenterServer

The vulnerability is tracked as CVE-2024-38812, and when exploited, allows an attacker to execute code without interaction

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/

Broadcom fixes critical RCE bug in VMware vCenter Server

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet.

BleepingComputer

Critical Vulnerabilities in VMware vCenter Server

Date: June 18, 2024
CVE: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081
Vulnerability Type: Buffer Overflow, Memory Corruption
CWE: CWE-787, CWE-416, CWE-125
Sources: SecurityWeek, Cybersecurity News, Broadcom VMware advisory

Synopsis

Multiple critical vulnerabilities in VMware vCenter Server have been identified, potentially allowing remote code execution (RCE). These issues, detailed in VMware's security advisory VMSA-2024-0012, include CVE-2023-34048, which affects the DCE/RPC protocol implementation. The DCE/RPC (Distributed Computing Environment / Remote Procedure Call) protocol is a network protocol developed by the Open Group. It enables communication between client and server applications by allowing a program to request services from a program located on another computer within a network. DCE/RPC is based on the concept of remote procedure calls (RPC), which facilitate the execution of code on a remote system as if it were local.

Issue Summary

VMware vCenter Server, a key management component for VMware environments, contains several critical vulnerabilities. If exploited, these could allow attackers to execute arbitrary code remotely. The most critical of these, CVE-2023-34048, has been rated with a CVSS score of 9.8, indicating high severity.

Technical Key Findings

The vulnerabilities primarily involve memory corruption issues such as heap overflow and use-after-free errors in the DCE/RPC protocol. These can be exploited by sending specially crafted packets to the vCenter Server, leading to remote code execution and potential system compromise.

Vulnerable Products

  • vCenter Server 8.0
  • vCenter Server 7.0
  • VMware Cloud Foundation versions 4.x and 5.x

Response Matrix:

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
| vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |

Impacted Product Suites that Deploy Response Matrix 3a and 3b Components:

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |

Impact Assessment

Successful exploitation of these vulnerabilities could result in complete control over the affected systems, allowing attackers to perform any action, including data theft, service disruption, and further network compromise.

Patches or Workarounds

VMware has released patches to address these vulnerabilities. Administrators are advised to update to the fixed versions (8.0 U2d, 7.0 U3r). There are no available workarounds.

Tags

#VMware #vCenterServer #CVE-2023-34048 #RemoteCodeExecution #PatchManagement #Cybersecurity

Multiple VMware vCenter Server Flaws Allow Remote Code Execution

VMware has released a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.

Cyber Security News

🌍 #𝗖𝗬𝗕𝗘𝗥𝗩𝗘𝗜𝗟𝗟𝗘 🌍
Chinese hackers have been silently exploiting a #VMware #zeroday flaw for 2 years, putting the security of #vCenterServer at risk.

https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

A China-linked cyber espionage group called UNC3886 has been exploiting a zero-day vulnerability in VMware vCenter Server (CVE-2023-34048).

The Hacker News

Differences between vSphere and ESXi and vCenter

VMware Inc. is a software company that develops many suites of software products. Learn the differences between vSphere and ESXi and vCenter

TechDirectArchive

Attackers could attack systems running VMware's Cloud Foundation and vCenter Server. So far there is only a workaround to secure systems.

Waiting for security updates: Admin vulnerability threatens VMware vCenter Server

Attackers are currently searching specifically for vulnerable vCenter Server systems. Germany is also affected. Security patches are available.

Patch now! VMware warns of impending attacks on vCenter Server

Attackers could attack vCenter Server, VMware's management software for virtual machines, via, among other things, a critical vulnerability.

Important security updates: VMware vCenter Server is vulnerable in multiple ways

Security researchers warn that attackers are targeting a critical vulnerability in vCenter Server.

Patch now! Attackers are attacking VMware vCenter Server

Three security vulnerabilities rated from "Moderate" to "Critical" affect ESXi and vCenter Server and, indirectly, Cloud Foundation as well. Updates are available.

Update now: Critical vulnerability in VMware ESXi and vCenter Server fixed

Security updates that close a "High" vulnerability are available for several versions of the vCenter Server extension vSphere Replication.

VMware vSphere Replication: Updates fix remotely exploitable vulnerability