Security News > 2024 > October > Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
2024-10-27 09:00
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter … More → The post Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE appeared first on Help Net Security.
News URL
Related news
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-38813 | Improper Check for Dropped Privileges vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | 9.8 |
| 2024-09-17 | CVE-2024-38812 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 9.8 |