
VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812)


 

Service Advisory


Broadcom has released new patches for the previously disclosed critical vulnerability (CVE-2024-38812), which attackers can exploit to gain remote code execution on unpatched servers by sending a crafted network packet.

 

CVSS Score:
9.8/Critical

 

Description:
VMware vCenter Server is the central management platform for VMware vSphere, used to manage virtual machines and ESXi hosts. CVE-2024-38812 is a heap-overflow vulnerability in vCenter Server's implementation of the DCE/RPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.

 

Affected Versions:

vCenter Server versions 7.0, 8.0

Cloud Foundation versions 4.x and 5.x.

 

Impact:

This vulnerability, if exploited, could lead to remote code execution on the vCenter Server host.

 

Resolution:

Apply the new patches listed in the Broadcom advisory referenced below.

 

Reference:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812

https://www.tenable.com/cve/CVE-2024-38812

 

UIT Information Security

 


Contact

Client Services at askit@yorku.ca or 416 736 5800

 

This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3