Broadcom, the owner of VMware, recently issued a security alert regarding critical vulnerabilities in VMware vCenter Server. The advisory VMSA-2024-0012 addresses three critical vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) that can be exploited by malicious actors to gain unauthorized access to vCenter Server systems. These vulnerabilities can allow remote code execution and can let local users gain complete control over vCenter Server devices.
Broadcom disclosed that CVE-2024-37079 and CVE-2024-37080 are heap overflow flaws with a high CVSS score, reported by Hao Zheng and Zibo Li of Legendsec’s TianGong team at Qi’anxin Group. These vulnerabilities allow hackers to execute code remotely through the DCERPC protocol. Another vulnerability, CVE-2024-37081, permits local users without administrative privileges to elevate their privileges to root on the vCenter Server appliance, as reported by Matei Badanoiu of Deloitte Romania.
VMware reports that these vulnerabilities have not been actively exploited, but the potential for remote exploitation is a cause for concern. This puts organizations at risk of data compromise, business disruption, and lateral movement. Broadcom recommends patching all vulnerable instances as there are no practical workarounds available. Experts emphasize the importance of remaining vigilant, implementing robust security practices, and promptly patching vulnerabilities to mitigate the risk of cyberattacks.
John Bambenek, President of Bambenek Consulting, highlighted the significance of these vulnerabilities, stating that VMware is a popular target due to its widespread use. He emphasized the need to restrict access to vCenters and hypervisors to a select few individuals to prevent unauthorized access. Attackers would need to compromise administrators before exploiting the vulnerabilities, and such interfaces should not be accessible from the open internet.
In conclusion, the critical vulnerabilities identified in VMware vCenter Server pose a significant threat to organizations using virtual infrastructure. Prompt patching and strict access controls are essential to mitigate the risk of exploitation and potential cyberattacks.
Article Source
https://hackread.com/broadcom-patch-VMware-vcenter-server-vulnerabilities/