Multiple vulnerabilities (CVE-2024-37079, CVE-2024-37080) have been discovered in VMware vCenter Server and Cloud Foundation, which could allow a malicious actor to execute remote code. There are no reports of these vulnerabilities being exploited in the wild.
CVSS Score:- 9.8/Critical
Description:- VMware vCenter Server is a central management platform for VMware vSphere, enabling the management of virtual machines and ESXi hosts. CVE-2024-37079 and CVE-2024-37080 are heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet, potentially leading to remote code execution.
Affected Versions:-
vCenter Server versions 7.0, 8.0
Cloud Foundation versions 4.x and 5.x.
Impact:-
These vulnerabilities, if exploited, could lead to remote code execution.
Resolution:-
Implement the fixes or upgrade, as there are no workarounds available.