VMware vCenter RCE Vulnerability Actively Exploited After Patch Error

Published
Written by:
Lore Apostol
Lore Apostol
Infosec Writer & Editor

Two critical vulnerabilities in VMware vCenter servers, originally identified and patched by Broadcom, have been exploited after the first round of fixes proved inadequate. One is a heap overflow vulnerability, while the other is a high-severity privilege escalation flaw.

CVE-2024-38812 is a critical heap overflow vulnerability linked to the Distributed Computing Environment/Remote Procedure Calls (DCERPC) protocol. Rated 9.8 out of 10 on the CVSS scale, it allows attackers with network access to execute remote code.

CVE-2024-38813 is a high-severity privilege escalation flaw with a CVSS score of 7.5. It enables attackers with network access to escalate privileges to root.

Broadcom released initial patches on September 17th, which fell short of fully addressing the vulnerabilities. An update was issued in October, at which time Broadcom claimed there was no known exploitation occurring 'in the wild.' However, recent alerts have confirmed the active exploitation of both vulnerabilities.

VMware vCenter is a critical tool for managing virtual machine fleets, often counting thousands. This makes it a prime target for ransomware groups and potential nation-state cybercriminals. Immediate and comprehensive patching of vCenter Server versions 7 and 8, along with VMware Cloud Foundation versions 4 and 5, is imperative to safeguard against potential attacks.

Organizations should prioritize patching to prevent exploitation and limit network access to vCenter servers to authorized personnel only while also implementing monitoring systems to detect suspicious activity related to these vulnerabilities.

In October, VMware patched a high-severity SQL injection vulnerability in the HCX platform that allowed unauthorized low-privilege users to execute remote code on the HCX manager.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: