
Critical VMware flaw fixed with new patch, prevents remote code execution


TLDR:

  • Broadcom released updates to address a critical security flaw in VMware vCenter Server (CVE-2024-38812) that could lead to remote code execution.
  • Another privilege escalation flaw (CVE-2024-38813) was also fixed by VMware.

The article discusses a critical security flaw in VMware vCenter Server that could allow remote code execution. The vulnerability, identified as CVE-2024-38812 with a CVSS score of 9.8, is a heap-overflow vulnerability in the DCE/RPC protocol. A malicious actor with network access to vCenter Server could exploit this flaw by sending a specially crafted network packet, potentially leading to remote code execution.

Two researchers, zbl and srs of team TZL, discovered and reported this flaw during the Matrix Cup cybersecurity competition in China. The flaw has been fixed in various versions of vCenter Server and VMware Cloud Foundation.

In addition to the CVE-2024-38812 flaw, VMware also addressed a privilege escalation flaw (CVE-2024-38813) with a CVSS score of 7.5 that could allow a malicious actor to escalate privileges to root by sending a specially crafted network packet.

Broadcom, which released the updates, has urged customers to update their installations to the latest versions to protect against potential threats. No malicious exploitation of these vulnerabilities has been reported, but both are memory management and corruption issues that could be used against vCenter services for remote code execution.

The article also mentions a joint advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) urging organizations to address cross-site scripting (XSS) flaws that threat actors could exploit to breach systems. These vulnerabilities arise when manufacturers fail to properly validate, sanitize, or escape inputs, allowing threat actors to inject malicious scripts into web applications.

Overall, the article highlights the importance of promptly updating systems to patch critical vulnerabilities like CVE-2024-38812 and CVE-2024-38813 to mitigate the risk of potential cyber threats.
