Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

Pierluigi Paganini November 18, 2024

Broadcom warns that two VMware vCenter Server vulnerabilities, tracked as CVE-2024-38812 and CVE-2024-38813, are being actively exploited in the wild.

“Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.” reads the advisory.

vCenter Server is a critical component of the VMware virtualization and cloud computing software suite. It serves as the centralized management platform for VMware's virtualized data centers, which is why a pre-authentication flaw in it is so valuable to attackers: compromising vCenter gives control over every ESXi host and virtual machine it manages.

In mid-September, Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution.

The vulnerability is a heap-overflow vulnerability that resides in the implementation of the DCERPC protocol.

“A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.” reads the advisory.

The company also addressed a privilege escalation vulnerability, tracked as CVE-2024-38813, in vCenter Server.

“A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.” reads the advisory.

zbl & srs of team TZL discovered both vulnerabilities during the 2024 Matrix Cup contest and reported the flaws to Broadcom.

“These vulnerabilities are memory management and corruption issues which can be used against VMware vCenter services, potentially allowing remote code execution.” states the company.

The virtualization giant addressed the vulnerabilities with the release of the following versions:

  • vCenter Server 8.0 U3b and 7.0 U3s
  • VMware Cloud Foundation 5.x (Fixed in 8.0 U3b as an asynchronous patch)
  • VMware Cloud Foundation 4.x (Fixed in 7.0 U3s as an asynchronous patch)
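The practical question for a defender is whether a given vCenter appliance is already on a fixed release. The following is an added example, not code from the article or from Broadcom: it reads the version string that the vSphere Automation API exposes at `GET /api/appliance/system/version` (after creating a session with `POST /api/session`) and compares it, per release line, against a minimum fixed version. The minimum version strings in `FIXED_MINIMUM` are assumed placeholders; take the exact values for 8.0 U3b and 7.0 U3s (or whatever the current advisory response matrix lists, since Broadcom has updated the advisory after the initial patches) from Broadcom's release notes before relying on the result. The comparison is done per line on purpose: a naive "is the version newer than 7.0 U3s" test would wrongly mark an unpatched 8.0 build as safe.

```python
"""Check whether a vCenter Server reports a version at or above the release
that fixed CVE-2024-38812 / CVE-2024-38813 (added example, not the article's
or Broadcom's code)."""
import json
import ssl
import urllib.request
from base64 import b64encode

# ASSUMED placeholders: replace with the version strings Broadcom's release
# notes give for the fixed builds (8.0 U3b / 7.0 U3s at the time of writing).
# The key is the release line; comparison is only meaningful within a line.
FIXED_MINIMUM = {
    "8.0": "8.0.3.00200",
    "7.0": "7.0.3.02000",
}


def parse_version(version: str) -> tuple:
    """Turn a vCenter version such as '8.0.3.00100' into (8, 0, 3, 100).

    Tuples of ints compare numerically, so '00100' < '00200' is handled
    correctly even though the strings are zero-padded."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised vCenter version string: {version!r}")
    return tuple(int(p) for p in parts)


def release_line(version: str) -> str:
    """'8.0.3.00100' -> '8.0'; the line decides which minimum applies."""
    major, minor = parse_version(version)[:2]
    return f"{major}.{minor}"


def assess(version: str, minimums: dict = FIXED_MINIMUM) -> tuple:
    """Return (status, detail) where status is one of
    'patched', 'vulnerable' or 'unsupported'.

    'unsupported' covers lines with no fixed build in the table (for
    example 6.x), which must be treated as exposed, not as safe."""
    line = release_line(version)
    if line not in minimums:
        return ("unsupported", f"no fixed build known for the {line} line")
    required = minimums[line]
    if parse_version(version) >= parse_version(required):
        return ("patched", f"{version} >= {required}")
    return ("vulnerable", f"{version} < {required}; upgrade to {required}")


def fetch_version(host: str, user: str, password: str,
                  verify_tls: bool = True) -> str:
    """Read the appliance version over the vSphere Automation REST API.

    Network access is required; the offline test below never calls this.
    Session creation: POST /api/session with HTTP basic auth returns the
    session id as a JSON string, which is then sent back in the
    'vmware-api-session-id' header."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab appliances with self-signed certs
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    creds = b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{host}/api/session", method="POST",
                                 headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        session_id = json.loads(resp.read())
    req = urllib.request.Request(f"https://{host}/api/appliance/system/version",
                                 headers={"vmware-api-session-id": session_id})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.loads(resp.read())["version"]


if __name__ == "__main__":
    # Constructed sample versions, not data from any real appliance.
    for sample in ("8.0.3.00100", "8.0.3.00200", "7.0.3.01900", "6.7.0.53000"):
        status, detail = assess(sample)
        print(f"{sample}: {status} ({detail})")
```

Run it against an appliance with `fetch_version(host, user, password)` feeding `assess()`; for fleets, the same check belongs in whatever inventory job already has vCenter credentials, so that a rollback to an older snapshot does not silently reintroduce an unpatched build.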

In June, VMware had already addressed multiple vCenter Server vulnerabilities that remote attackers could exploit to achieve remote code execution or privilege escalation. Two of them, heap-overflow flaws tracked as CVE-2024-37079 and CVE-2024-37080, also affected the implementation of the DCERPC protocol, the same component hit by CVE-2024-38812.
