VMware, owned by Broadcom, has recently addressed critical vulnerabilities in its vCenter Server application that could allow malicious actors to execute code remotely or elevate privileges on affected systems. These vulnerabilities, if left unpatched, pose a significant risk to organizations using VMware vSphere. The security advisory issued by VMware identifies three critical vulnerabilities, including a heap overflow flaw in the DCERPC protocol implementation and a misconfiguration of sudo in vCenter Server.
Affected versions of VMware software include vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x. Fixes have been released for vCenter versions 8.0 and 7.0, with asynchronous patches available for Cloud Foundation versions 5.x and 4.x. However, older vSphere versions that have reached end of general support will not receive updates for these vulnerabilities.
Nuspire, a cybersecurity company, proactively addresses VMware vCenter Server vulnerabilities by applying patches as they are released and conducting threat hunting exercises to detect any indicators of compromise. Organizations using VMware vCenter Server should prioritize patching their systems to reduce the risk of cyberattacks. Implementing a comprehensive vulnerability management program, which includes regular scanning and patch management, is crucial for maintaining a secure IT infrastructure.
As of now, there have been no reports of active exploitation of these vulnerabilities in the wild. It is essential for organizations to stay updated on security advisories and apply patches promptly to protect their systems from potential threats. Regular monitoring for new vulnerabilities and proactive remediation efforts can help organizations strengthen their cybersecurity posture and minimize the risk of compromise.
Article Source
https://securityboulevard.com/2024/06/VMware-vcenter-rce-vulnerability-what-you-need-to-know/amp/