vCenter Server Heap Overflow Vulnerability
Key Information
- Vendor
- VMware
- Status
- Vmware Vcenter Server
- Vmware Cloud Foundation
- Vendor
- CVE Published:
- 18 June 2024
Badges
Summary
The vCenter Server contains multiple critical vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) that could potentially lead to remote code execution. These vulnerabilities are related to heap-overflow vulnerabilities in the implementation of the DCERPC protocol and local privilege escalation vulnerabilities due to misconfiguration of sudo, posing a high severity risk to users. While the vulnerabilities have not been exploited in the wild, VMware urges customers to install available patches immediately to address the issues. Patches are available for vCenter Server v 8.0, v 7.0, and Cloud Foundation versions 4.x and 5.x. There are no workarounds available, but VMware has stated that organizations may have other mitigations and compensating controls depending on their security posture and configurations of perimeter and appliance firewalls. These vulnerabilities have been responsibly reported by security researchers, and it is important for customers to take action to mitigate the risk of potential exploitation.
Affected Version(s)
VMware vCenter Server < 8.0 U2d
VMware vCenter Server < 8.0 U1e
VMware vCenter Server < 7.0 U3r
News Articles
Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed - Help Net Security
Hereās an overview of some of last weekās most interesting news, articles, interviews and videos: The rise of SaaS security teams In this Help Net
4 months ago
VMware fixes 2 critical bugs; check if your vCenter Server is affected
The heap overflow flaws affect vSphere and Cloud Foundation and could enable RCE.
4 months ago
Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities
Broadcom, the owner firm of VMware, discloses critical vulnerabilities affecting VMware vCenter Server and the virtualized environment it manages.
4 months ago
CVSS V3.1
Timeline
Vulnerability started trending.
First article discovered by CybersecurityNews
Vulnerability published.
Vulnerability Reserved.