Security News > 2024 > June > VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
2024-06-18 08:24
VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could
News URL
https://thehackernews.com/2024/06/vmware-issues-patches-for-cloud.html
Related news
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-18 | CVE-2024-37080 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | 9.8 |
| 2024-06-18 | CVE-2024-37079 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | 9.8 |