Threat Insight
Critical Vulnerabilities in vCenter Server Exploited in the Wild
A privilege escalation vulnerability has been disclosed in vCenter Server. It lets an unauthenticated actor with network access send a specially crafted network packet to escalate privileges to root[1].
This privilege escalation vulnerability can be chained with a vulnerability Truesec has already reported on in report 2024-51, which analyzes CVE-2024-38812.
That heap-overflow vulnerability gives an attacker remote code execution; used in conjunction with this privilege escalation vulnerability, it could have critical impact on your virtual infrastructure.
CVE
CVE-2024-38813
CVE-2024-38812
Affected Products
VMware vCenter Server
VMware Cloud Foundation
Exploitation
Broadcom has confirmed exploitation of these vulnerabilities[1]. The CVEs have not been added to CISA's Known Exploited Vulnerabilities (KEV) catalog.
Recommended Actions
Apply the latest updates to VMware vCenter Server and VMware Cloud Foundation[1].