VMware virtual machines under attack: hackers exploit critical vCenter Server flaw


Broadcom is sounding the alarm about attackers actively exploiting two vulnerabilities, one of them critical, in VMware vCenter Server, the widely used control hub for managing virtual computing infrastructure. Chained together, the flaws let an attacker execute code remotely and escalate to root, fully compromising the management server.

The American semiconductor and infrastructure software giant Broadcom released the first patches in September 2024, but later determined that they did not fully address the heap-overflow flaw, CVE-2024-38812. Corrected patches were released on October 21st, 2024.

Now, Broadcom has updated the alert with an urgent warning.


“VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813,” the company said.

The first flaw, CVE-2024-38812, is a heap-overflow vulnerability in vCenter Server's implementation of the DCERPC (Distributed Computing Environment / Remote Procedure Call) protocol, which lets programs call functions on other machines over a network.

A malicious actor with network access to vCenter Server can trigger it by sending a specially crafted network packet, potentially leading to remote code execution. No authentication is required. The flaw is rated critical, with a CVSSv3 base score of 9.8 out of 10.

The second bug, CVE-2024-38813, can be used for privilege escalation to root. Again, the attacker needs only network access to vCenter Server and triggers the flaw with a specially crafted network packet. Its severity is rated high, with a CVSSv3 base score of 7.5 out of 10.


Both vulnerabilities are fixed by applying the latest updates; there are no workarounds other than patching, so exposed vCenter instances should be updated without delay.

“All customers are strongly encouraged to apply the patches currently listed in the Response Matrix,” Broadcom urges.
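The practical question for defenders is which appliances in an inventory still run a build below the October fix. The script below is an added example, not code from the article or from Broadcom: it takes each vCenter appliance's reported version string and build number (the `version` and `build` fields of the vSphere API's AboutInfo) and classifies it as patched, vulnerable, or on a release line with no fix listed. The first-fixed build numbers in `FIXED_BUILDS` are an assumption recalled from VMSA-2024-0019 and must be confirmed against the Response Matrix; the sample inventory is constructed.

```python
"""Inventory triage for CVE-2024-38812 / CVE-2024-38813 in VMware vCenter Server.

Added example; not the article's or Broadcom's code. Compares each appliance's
release line and build number against the first build carrying the
October 21, 2024 fix. Builds between the incomplete September patch and the
October patch are deliberately reported as vulnerable.
"""
from dataclasses import dataclass

# ASSUMPTION: first-fixed builds per release line, recalled from VMSA-2024-0019.
# Verify against the Response Matrix before relying on the result.
FIXED_BUILDS = {
    "8.0": 24322831,  # vCenter Server 8.0 U3d
    "7.0": 24322018,  # vCenter Server 7.0 U3t
}


@dataclass(frozen=True)
class Appliance:
    name: str
    version: str  # e.g. "8.0.3", as in AboutInfo.version
    build: int    # AboutInfo.build


def release_line(version: str) -> str:
    """Reduce a full version string such as '8.0.3' to its release line '8.0'."""
    parts = version.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unrecognised vCenter version string: {version!r}")
    return f"{parts[0]}.{parts[1]}"


def assess(appliance: Appliance) -> str:
    """Return 'patched', 'vulnerable', or 'unsupported' (no fix listed for that line)."""
    fixed = FIXED_BUILDS.get(release_line(appliance.version))
    if fixed is None:
        # Release line not in the fix table: no patch to apply, treat as exposed.
        return "unsupported"
    return "patched" if appliance.build >= fixed else "vulnerable"


def triage(inventory) -> dict:
    """Map appliance name -> assessment for a whole inventory."""
    return {a.name: assess(a) for a in inventory}


# Constructed sample inventory (names and builds are illustrative, not real hosts).
SAMPLE_INVENTORY = [
    Appliance("vcsa-prod-01", "8.0.3", 24322831),  # at the October fix
    Appliance("vcsa-prod-02", "8.0.3", 24200000),  # older 8.0 build
    Appliance("vcsa-lab-01", "7.0.3", 24322018),   # at the October fix
    Appliance("vcsa-legacy", "6.7.0", 15129973),   # line with no fix listed
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name:14s} {verdict}")
```

Run it against an export of your own inventory; anything other than `patched` is a host that still needs the Response Matrix build, or a migration off an unsupported line.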

Since June, attackers have also been observed exploiting vulnerabilities in VMware ESXi, the enterprise hypervisor that hosts the virtual machines vCenter manages. Ransomware gangs used those flaws to gain full administrative control of ESXi hosts with little effort.
