Hacker Discovers Critical RCE Vulnerabilities in vCenter, VMware Issues Fixes

VMware specialists have fixed a number of critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation.

The developers provided fixes for three problems at once: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081.

Advertisement

  • CVE-2024-37079: A critical heap overflow vulnerability in vCenter Server's DCERPC protocol implementation that allows an attacker with network access to send specially crafted packets and could potentially lead to remote code execution (CVSS score 9.8).
  • CVE-2024-37080: Another critical heap overflow issue in vCenter Server's DCERPC protocol. Like CVE-2024-37079, it also allows an attacker with network access to exploit a heap overflow by sending modified packets, which can lead to remote code execution (CVSS score 9.8).
  • CVE-2024-37081: The vulnerability occurs due to incorrect sudo configuration in vCenter Server, which allows an authenticated local user to exploit the bug to escalate their privileges to root (7.8 on the CVSS scale).

The listed errors affect VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x.

Patches for VMware vCenter Server were included in versions 8.0 U2d, 8.0 U1e and 7.0 U3r. And for Cloud Foundation, fixes were added in KB88287.

According to the manufacturer, there are no effective alternative countermeasures for these vulnerabilities, so all users are advised to install the latest updates as soon as possible.

















Advertisement