Security News > 2024 > October > VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
2024-10-22 11:00
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by zbl & srs of team TZL – researchers who participated in the 2024 Matrix Cup in June 2024. Broadcom maintains that they are not currently aware of exploitation “in the wild.” CVE-2024-38812 and CVE-2024-38813 VMware vCenter … More → The post VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/22/cve-2024-38812-cve-2024-38813-fixed-again/
Related news
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-38813 | Improper Check for Dropped Privileges vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | 9.8 |
| 2024-09-17 | CVE-2024-38812 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 9.8 |