VMware vCenter Server, Broadcom’s central management hub for the VMware vSphere suite, had a critical-severity vulnerability that allowed threat actors to remotely execute malicious code on unpatched servers. The exploit involves a low-complexity attack that can be pulled off without victim interaction.
VMware vSphere is a virtualization platform that allows admins to create and manage virtual machines and computing resources in a data center.
Its central management hub, vCenter Server, was vulnerable to a heap-overflow bug in the implementation of the DCERPC protocol, a flaw that is now tracked as CVE-2024-38812. It was given a severity score of 9.8/10 (critical), and was recently patched.
Patches and workarounds
Besides vCenter Server, it was also said that VMware Cloud Foundation was vulnerable to the same bug, as well. VMware Cloud Foundation is an integrated software platform that combines VMware’s compute, storage, and network virtualization products with management and automation tools to create a unified hybrid cloud infrastructure.
The bug was discovered by cybersecurity researchers TZL, during China’s 2024 Matrix Cup hacking context, BleepingComputer reports. As per the researchers, a malicious actor could theoretically send a specially crafted network packet, which could lead to remote code execution.
Broadcom, VMware’s parent company, recently released a fix and is urging users to apply it immediately.
“To ensure full protection for yourself and your organization, install one of the update versions listed in the VMware Security Advisory,” the company said. “While other mitigations may be available depending on your organization’s security posture, defense-in-depth strategies, and firewall configurations, each organization must evaluate the adequacy of these protections independently.”
If applying the patch is not an option right now, make sure you tightly control network perimeter access to vSphere management components and interfaces. The good news is that there is no evidence of in-the-wild abuse yet. However, now that the news is out, it is only a matter of time before hackers start scanning for vulnerable endpoints.
Via BleepingComputer
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/MgHkR3uwBsnpbGtik3QxwF-1200-80.jpg
Source link
