Security News > 2024 > October > VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
2024-10-22 07:03
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by
News URL
https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html
Related news
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-38812 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 9.8 |