Security News > 2024 > September > Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
2024-09-18 10:38
Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813). “Broadcom is not currently aware of exploitation ‘in the wild’,” the company says, but noted that organizations should promptly act to install one of the updated versions. VMware has patched a similarly critical RCE flaw (CVE-2023-34048) in vCenter Server in October … More → The post Critical VMware vCenter Server bugs fixed (CVE-2024-38812) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/18/cve-2024-38812-cve-2024-38813/
Related news
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-38813 | Improper Check for Dropped Privileges vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | 9.8 |
| 2024-09-17 | CVE-2024-38812 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 9.8 |
| 2023-10-25 | CVE-2023-34048 | Out-of-bounds Write vulnerability in VMWare Vcenter Server vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | 9.8 |