Multiple VMware vCenter Server Flaws Allow Remote Code Execution
Key Takeaway: Critical VMware vCenter Server vulnerabilities can potentially allow attackers to execute code remotely. Immediate action required.
Critical Security Advisory VMSA-2024-0012
VMware has released a critical security advisory addressing several dangerous vulnerabilities in VMware vCenter Server, a crucial component of VMware vSphere and VMware Cloud Foundation. These flaws, if exploited, could enable attackers to run malicious code on affected systems.
Severe Vulnerabilities Identified
The security issues identified include heap overflow and local privilege escalation problems. These vulnerabilities are categorized as extremely severe with CVSSv3 base scores of up to 9.8.
Highlighted Vulnerabilities:
- Heap Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
- Local Privilege Escalation Vulnerability (CVE-2024-37081)
Heap Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
The heap overflow vulnerabilities exist in vCenter Server's implementation of the DCERPC protocol. An attacker could exploit them by sending specially crafted network packets, potentially leading to remote code execution.
Patch: VMware has released updates to rectify these vulnerabilities. Users should update their systems with the patches listed in the 'Fixed Version' column of the response matrix.
Local Privilege Escalation Vulnerability (CVE-2024-37081)
This vulnerability results from a misconfiguration of sudo that allows non-admin local users to elevate to root privileges. It has a CVSSv3 base score of 7.8, which rates it as Important.
Patch: Updates have been made available to fix this issue. Users should apply the necessary patches listed in the response matrix.
Response Matrix
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
| vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |
Impacted Product Suites
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
Action Required: Apply Patches Immediately
Organizations using VMware vCenter Server are strongly urged to apply the necessary patches promptly to mitigate these critical vulnerabilities.
How to Verify Patches
To ensure patches are properly applied, follow these steps:
Access the Appliance Shell:
- Log in to the vCenter Server Appliance shell as the root user.
List Installed Patches:
- Use the command:
  software-packages list
- To view patches by installation date:
  software-packages list --history
Check Specific Patch Details:
- Use the command:
  software-packages list --patch <patch_name>
- Replace <patch_name> with the actual patch name (e.g., VMware-vCenter-Server-Appliance-Patch1).
Use the vCenter Server Management Interface (VAMI):
- Log in to the VAMI using the root account.
- Navigate to the “Update” section to see the current version and installed updates.
Verify System Functionality:
- Ensure that the vCenter Server Appliance functions correctly after applying patches by checking critical services and routine operations.
By following these steps, organizations can confirm that the latest security patches are in place, keeping their systems secure and up-to-date.
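Once the VAMI or the appliance shell has reported the installed version, it can be compared against the response matrix. The Python sketch below is an added example, not VMware tooling. It assumes the version is written in the advisory's notation (for example "8.0 U2c") and that an update line newer than every line in the matrix already includes the listed fixes; the names `MATRIX`, `parse_version` and `open_cves` are hypothetical.

```python
import re

# Fixed versions and the CVEs each one covers, copied from the response matrix.
# Tuples are (update number, letter suffix, CVEs fixed), e.g. "8.0 U2d" -> (2, "d", ...).
MATRIX = {
    "8.0": [(2, "d", {"CVE-2024-37079", "CVE-2024-37080", "CVE-2024-37081"}),
            (1, "e", {"CVE-2024-37079", "CVE-2024-37080"})],
    "7.0": [(3, "r", {"CVE-2024-37079", "CVE-2024-37080", "CVE-2024-37081"})],
}

def parse_version(label):
    """Split an advisory-style label such as '8.0 U2d' into ('8.0', 2, 'd')."""
    m = re.fullmatch(r"\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*", label)
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    return m.group(1), int(m.group(2) or 0), m.group(3) or ""

def open_cves(installed):
    """Return the advisory CVEs the matrix does not show as fixed in `installed`."""
    release, update, letter = parse_version(installed)
    if release not in MATRIX:
        raise ValueError(f"release {release} is not in the response matrix")
    rows = MATRIX[release]
    newest_line = max(u for u, _, _ in rows)
    listed = set().union(*(cves for _, _, cves in rows))
    fixed = set()
    for fix_update, fix_letter, cves in rows:
        # Same update line: the letter suffix decides (U2c is older than U2d).
        if update == fix_update and letter >= fix_letter:
            fixed |= cves
        # Assumption: an update line newer than every matrix line ships the fixes.
        elif update > newest_line:
            fixed |= cves
        # Otherwise the row does not apply: 8.0 U2a is not covered by the U1e fix,
        # even though "U2" sorts after "U1".
    return sorted(listed - fixed)

if __name__ == "__main__":
    for label in ("8.0 U2d", "8.0 U2a", "8.0 U1e", "7.0 U3q"):
        print(label, "->", open_cves(label) or "no open CVEs per matrix")
```

For 8.0 U1e the function still reports CVE-2024-37081, because the matrix lists that CVE for 8.0 only in the row whose fixed version is 8.0 U2d.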