Critical RCE Flaws in vCenter Server Fixed (CVE-2024-37079, CVE-2024-37080)
VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and the products that contain it: vSphere and Cloud Foundation. VMware vCenter Server is a popular server management solution for controlling vSphere (virtualized cloud computing) environments. VMware Cloud Foundation is a solution for deploying and managing hybrid cloud infrastructure.

CVE-2024-37079 and CVE-2024-37080 are heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They have a high severity score because they can be exploited by unauthenticated, remote attackers without any user interaction.

At the same time, VMware has fixed several local privilege escalation vulnerabilities (CVE-2024-37081) that may arise due to misconfiguration of sudo and may allow an authenticated local user with non-administrative privileges to elevate privileges to root on the vCenter Server Appliance.

The three vulnerabilities were privately reported by security researchers and affect vCenter Server versions 7.0 and 8.0, as well as Cloud Foundation versions 4.x and 5.x. Products that are past their End of General Support dates, i.e., vSphere 6.5 or 6.7, “are not evaluated as part of security advisories. If your organization has extended support please use those processes to request assistance,” the company said in an accompanying FAQ document.

Customers are advised to implement the fixes or upgrade as needed, as there are no workarounds available. “There may be other mitigations and compensating controls available in your organization, depending on your security posture, defense-in-depth strategies, and configurations of perimeter firewalls and appliance firewalls. All organizations must decide for themselves whether to rely on those protections,” VMware added.
News source
https://www.helpnetsecurity.com/2024/06/18/cve-2024-37079-cve-2024-37080/