VMware recently released security updates to address critical vulnerabilities impacting its vCenter Server products. The vulnerabilities, known as CVE-2024-37079 and CVE-2024-37080, have been assigned a high CVSSv3.1 score of 9.8 out of 10. These vulnerabilities could potentially lead to remote code execution if successfully exploited through heap overflow in vCenter Server’s DCE/RPC protocol implementation.
The impacted product versions include VMware vCenter Server Version 7.0, VMware vCenter Server Version 8.0, VMware Cloud Foundation Version 4.x, and VMware Cloud Foundation Version 5.x. Users and administrators utilizing these versions are strongly advised to promptly update to the latest version to mitigate the risk of exploitation.
For further information and guidance on the security updates, individuals can visit the following resources:
– https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
– https://www.bleepingcomputer.com/news/security/VMware-fixes-critical-vcenter-rce-vulnerability-patch-now/
– https://www.helpnetsecurity.com/2024/06/18/cve-2024-37079-cve-2024-37080/
By addressing these critical vulnerabilities promptly, users can enhance the security posture of their VMware vCenter Server products and safeguard against potential remote code execution by malicious actors.
Article Source
https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-072
