A major VMware vCenter Server security bug is now being exploited, so patch now

(Image credit: Shutterstock)

A VMware bug that grants Remote Code Execution abilities is being exploited in the wild
The bug was first spotted in September 2024, but the patch did not solve the problem
A second patch was released, and users are urged to apply now

Broadcom is warning two vulnerabilities plaguing its VMware vCenter Server product are being exploited in the wild by hackers.

Patches are available, and users are urged to apply them immediately, since there is no workaround. Furthermore, the vulnerabilities can be used to cause quite the damage to compromised networks.

In mid-September 2024, VMware released a security advisory, claiming to have patched two flaws in vCenter Server that could have granted threat actors remote code execution (RCE) abilities.

Confirmed exploitation

These flaws were tracked as CVE-2024-38812 and CVE-2024-38813.

The former affects vCenter 7.0.3, 8.9.2, and 8.0.3, as well as all versions of vSphere or VMware Cloud Foundation prior to the ones listed above. It was given a severity score of 9.8 (critical) since it can be exploited without user interaction, and since it grants RCE capabilities to a threat actor sending a custom-built network packet. The latter, on the other hand, is a 7.5-severity flaw, granting root privilege escalation.

Both vulnerabilities were first discovered by Team TZL at Tsinghua University, during the Matrix Cup Cyber Security Competition, held in China earlier this year.

However, it was soon announced that the patches did not properly work, since Broadcom issued a second patch in late October 2024. At that time, despite the bug being present for months, and having been patched twice, there was still no evidence of abuse in the wild.

However, that time has now come.

"Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813," Broadcom said earlier this week.

Unfortunately, at this time, we don’t know who is abusing these vulnerabilities, or against whom. However, BleepingComputer reminds that threat actors, including ransomware gangs and state-sponsored threat actors, often target VMware vCenter bugs.

Via BleepingComputer

VMware vCenter Server RCE vulnerability patched by Broadcom
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Latest

Jinx and Isha looking worried and scared in Arcane season 2 episode 6

Arcane season 2's final trailer teases shimmer-powered Noxians, the return of two dead characters, Jinx's redemption arc, and a Piltover-based battle for the ages

See more latest ►

Confirmed exploitation

Are you a pro? Subscribe to our newsletter

You might also like

Most Popular