Security News > 2024 > September > Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
2024-09-18 10:38
Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813). “Broadcom is not currently aware of exploitation ‘in the wild’,” the company says, but noted that organizations should promptly act to install one of the updated versions. VMware has patched a similarly critical RCE flaw (CVE-2023-34048) in vCenter Server in October … More → The post Critical VMware vCenter Server bugs fixed (CVE-2024-38812) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/18/cve-2024-38812-cve-2024-38813/
Related news
- Broadcom fixes critical RCE bug in VMware vCenter Server (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
- VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) (source)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- GitHub Enterprise Server vulnerable to critical auth bypass flaw (source)
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-38813 | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | 0.0 |
| 2024-09-17 | CVE-2024-38812 | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 0.0 |
| 2023-10-25 | CVE-2023-34048 | Out-of-bounds Write vulnerability in VMWare Vcenter Server vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | 9.8 |