VMware vCenter Server RCE vulnerability patched by Broadcom


VMware vCenter Server, Broadcom’s central management hub for the VMware vSphere suite, had a critical-severity vulnerability that allowed threat actors to remotely execute malicious code on unpatched servers.

The exploit involves a low-complexity attack that can be pulled off without victim interaction. VMware vSphere is a virtualization platform that allows admins to create and manage virtual machines and computing resources in a data center.

Its central management hub, vCenter Server, was vulnerable to a heap-overflow bug in its implementation of the DCERPC protocol, a flaw now tracked as CVE-2024-38812. It was given a severity score of 9.8/10 (critical) and was recently patched.

Patches and workarounds

Besides vCenter Server, VMware Cloud Foundation was reportedly vulnerable to the same bug. VMware Cloud Foundation is an integrated software platform that combines VMware's compute, storage, and network virtualization products with management and automation tools to create a unified hybrid cloud infrastructure.

The bug was discovered by cybersecurity researchers from TZL during China's 2024 Matrix Cup hacking contest. According to the researchers, a malicious actor could theoretically send a specially crafted network packet that leads to remote code execution.

Broadcom, VMware’s parent company, recently released a fix and is urging users to apply it immediately.

"To ensure full protection for yourself and your organization, install one of the update versions listed in the VMware Security Advisory," the company said. "While other mitigations may be available depending on your organization's security posture, defense-in-depth strategies, and firewall configurations, each organization must evaluate the adequacy of these protections independently."

If applying the patch is not an option right now, make sure you tightly control network perimeter access to vSphere management components and interfaces. The good news is that there is no evidence of in-the-wild abuse yet. However, now that the news is out, it is only a matter of time before hackers start scanning for vulnerable endpoints.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.