Critical RCE bug in VMware vCenter Server now exploited in attacks

Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw.

TZL security researchers reported the RCE vulnerability (CVE-2024-38812) during China’s 2024 Matrix Cup hacking contest. It is caused by a heap overflow weakness in the vCenter’s DCE/RPC protocol implementation and affects products containing vCenter, including VMware vSphere and VMware Cloud Foundation.

The other vCenter Server flaw now exploited in the wild, reported by the same researchers, is a privilege escalation vulnerability tracked as CVE-2024-38813 that lets attackers gain root privileges with a specially crafted network packet.

“Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813,” Broadcom said on Monday.

The company released security updates in September to fix both vulnerabilities. Still, roughly one month later, it updated the security advisory warning that the original CVE-2024-38812 patch hadn’t fully addressed the flaw and “strongly” encouraged admins to apply the new patches.

No workarounds are available for these security flaws, so impacted customers are advised to apply the latest updates immediately to block attacks actively exploiting them.

Broadcom has also released a supplemental advisory with additional information on deploying the security updates on vulnerable systems and known issues that could impact those who have already upgraded.

In June, the company fixed a similar vCenter Server RCE vulnerability (CVE-2024-37079) that attackers can also exploit via specially crafted packets.

Threat actors, including ransomware gangs and state-sponsored hacking groups, frequently target vulnerabilities in VMware vCenter. For instance, in January, Broadcom revealed that Chinese state hackers had been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.

This threat group (tracked as UNC3886 by security firm Mandiant) abused the flaw to deploy VirtualPita and VirtualPie backdoors on ESXi hosts via maliciously crafted vSphere Installation Bundles (VIBs).

Sergiu Gatlan
