VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812)
Posted on September 19, 2024
Service Advisory
Broadcom has published an advisory (VMSA-2024-0019) for a new critical vulnerability, CVE-2024-38812, that an attacker with network access to vCenter Server can exploit, without authentication, to gain remote code execution on unpatched servers by sending a single crafted network packet.
CVSS Score: 9.8/Critical
Description: VMware vCenter Server is the central management platform for VMware vSphere, used to manage virtual machines and ESXi hosts. CVE-2024-38812 is a heap-overflow vulnerability in vCenter Server's implementation of the DCE/RPC protocol. A malicious actor with network access to vCenter Server may trigger the overflow by sending a specially crafted network packet; no credentials are required, and successful exploitation can lead to remote code execution on the vCenter appliance.
Affected Versions: vCenter Server 7.0 and 8.0; VMware Cloud Foundation 4.x and 5.x (which bundle the affected vCenter Server releases).
Impact: If exploited, this vulnerability allows unauthenticated remote code execution on vCenter Server. Because vCenter holds credentials for every ESXi host it manages, compromise of the appliance puts the whole vSphere environment at risk.
Resolution:
To remediate CVE-2024-38812, update vCenter Server to the fixed versions listed in VMSA-2024-0019 (at the time of publication, vCenter Server 8.0 U3b and 7.0 U3s; Cloud Foundation 5.x and 4.x customers apply the corresponding async patches). Broadcom lists no in-product workaround, so patching is the only remediation; until it is applied, restrict network access to the vCenter management interfaces to trusted administrative networks. Note that Broadcom later determined the September patches did not fully address the flaw and re-issued fixed builds, so check the current version of the advisory rather than relying on the build numbers above.
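The advisory leaves the practical question of which appliances still need the patch to the reader. The following script is an added example (not part of the advisory or of any VMware tooling) that triages vCenter appliances by comparing their reported build number against a per-major-line table of minimum fixed builds. It assumes each appliance's version has already been fetched, for example from the vSphere REST endpoint `GET /api/appliance/system/version` or from `vpxd -v` on the appliance shell; the JSON responses below are constructed, and the build numbers in `FIXED_BUILDS` are the September 2024 values from VMSA-2024-0019, which were later superseded, so refresh them from the current advisory before use.

```python
"""Triage vCenter appliances against the fixed builds for CVE-2024-38812.

Added example, not part of the advisory. Version data is assumed to come from
GET /api/appliance/system/version (or `vpxd -v`); samples below are constructed.
"""
import json
import re

# Minimum fixed build per major vCenter line. Values are the original
# September 2024 fixes from VMSA-2024-0019 (8.0 U3b, 7.0 U3s); they were
# later superseded, so refresh this table from the current advisory.
FIXED_BUILDS = {
    "7.0": 24201990,  # assumed: 7.0 U3s
    "8.0": 24262322,  # assumed: 8.0 U3b
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.")


def major_line(version: str) -> str:
    """Reduce '8.0.3.00200' to its major line '8.0'."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {version!r}")
    return f"{m.group(1)}.{m.group(2)}"


def is_patched(version_info: dict, fixed_builds: dict = FIXED_BUILDS) -> bool:
    """True when the appliance build is at or beyond the fixed build for its line.

    Raises ValueError for lines the table does not cover (e.g. end-of-life 6.x),
    so they are surfaced for manual review instead of silently passing.
    """
    line = major_line(version_info["version"])
    if line not in fixed_builds:
        raise ValueError(f"no fixed build known for vCenter {line}")
    return int(version_info["build"]) >= fixed_builds[line]


def triage(appliances: dict, fixed_builds: dict = FIXED_BUILDS) -> dict:
    """Map hostname -> 'patched', 'VULNERABLE', or 'unknown: <reason>'."""
    verdicts = {}
    for host, raw_json in appliances.items():
        try:
            info = json.loads(raw_json)
            verdicts[host] = "patched" if is_patched(info, fixed_builds) else "VULNERABLE"
        except (KeyError, ValueError) as exc:
            verdicts[host] = f"unknown: {exc}"
    return verdicts


# Constructed sample responses in the shape of /api/appliance/system/version.
SAMPLE_RESPONSES = {
    "vc-prod-01": '{"version": "8.0.3.00200", "build": "24262322", "product": "VMware vCenter Server"}',
    "vc-lab-02": '{"version": "7.0.3.01900", "build": "23788036", "product": "VMware vCenter Server"}',
    "vc-old-03": '{"version": "6.7.0.54000", "build": "22509751", "product": "VMware vCenter Server"}',
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_RESPONSES).items():
        print(f"{host}: {verdict}")
```

Feed it the real responses from your appliances and treat every "unknown" as a finding: an unrecognised version string or an end-of-life line (6.x is not in Broadcom's affected list because it is out of support, not because it is safe) needs a human decision rather than a green check.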