On June 19th 2024, Broadcom (formerly VMware) issued a patch for vulnerabilities in VMware vCenter Server tracked under CVE-2024-37079 and CVE-2024-37080 [1][2]. The vulnerabilities allow for remote code execution. We urge all recipients to install updates on vulnerable instances of vCenter Server as soon as possible.
 

Description

The vulnerabilities tracked under CVE-2024-37079 and CVE-2024-37080 are in the DCERPC protocol implementation in vCenter Server. These vulnerabilities may allow a malicious actor with network access to trigger remote code execution by sending a specially crafted network packet [3].
 

Impact

An unauthenticated attacker could gain remote code execution on the vCenter Server over the network. Based on this, we estimate the impact of these vulnerabilities as high.
 

Risk

At the time of writing, we are not aware of any publicly available exploits for these vulnerabilities. However, based on typical VMware vCenter Server deployments, which might be connected to the Internet, we estimate the risk of these vulnerabilities as high.
 

Mitigation

Broadcom recommends installing the latest patches for the following affected products [3]:
  • vCenter Server 8.0
  • vCenter Server 7.0
  • Cloud Foundation (vCenter Server) 5.x
  • Cloud Foundation (vCenter Server) 4.x

What should you do?

Verify whether one or more of the affected VMware products are used inside your organization. We recommend installing the recommended patches for the affected VMware vCenter Server and Cloud Foundation products as soon as possible. We also strongly recommend not exposing VMware vCenter Server to untrusted users over the network, especially given the recent history of vulnerabilities in the DCERPC protocol implementation.
 

What will Northwave do?

Vulnerability Management customers will be informed in case vulnerable systems are detected in their infrastructure. 
We will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. You can call us by phone or send us an email if you would like additional information.
 
E-mail: soc@northwave.nl 
Do you have an incident right now? Call our Incident Response Team: 00800 1744 0000

Sources

Disclaimer applies, see below.
 

Disclaimer

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We will not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.