VMware has released updates to address critical flaws affecting Cloud Foundation, vCenter Server, and vSphere ESXi that can be exploited for privilege escalation and remote code execution.
The list of vulnerabilities is as follows –
CVE-2024-37079 & CVE-2024-37080 (CVSS score: 9.8) – Multiple heap-overflow vulnerabilities in the DCE/RPC protocol implementation that could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a crafted network packet
CVE-2024-37081 (CVSS score: 7.8) – Multiple local privilege escalation vulnerabilities in VMware vCenter that arise from a sudo misconfiguration, which an authenticated local user with non-administrative privileges could exploit to gain root permissions
This is not the first time VMware has addressed shortcomings in its DCE/RPC protocol implementation. In October 2023, the Broadcom-owned virtualization services provider patched another critical vulnerability (CVE-2023-34048, CVSS score: 9.8) that could also be abused to remotely execute arbitrary code.
Hao Zheng and Zibo Li, researchers at Chinese cybersecurity firm QiAnXin LegendSec, are credited with discovering and reporting CVE-2024-37079 and CVE-2024-37080. The discovery of CVE-2024-37081 is credited to Matei “Mal” Badanoiu at Deloitte Romania.
All three issues, which affect vCenter Server versions 7.0 and 8.0, have been addressed in versions 7.0 U3r, 8.0 U1e, and 8.0 U2d.
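A practical follow-up to the fixed-version list above is triaging a vCenter inventory against it. The script below is an added example, not VMware's or the article's own tooling: it parses version strings in the "7.0 U3r" form used in the advisory and reports, per host, whether the running build is at or above the fix for its own update line. The important detail it encodes is that each update line (7.0 U3, 8.0 U1, 8.0 U2) has its own fixed release, so an 8.0 U2a host is not covered by the 8.0 U1e fix. The inventory values and the assumption that VMware's patch letters order alphabetically within one update line (with the unlettered base release ordering before "a") are constructed for the example.

```python
import re

# Fixed releases named in the advisory, keyed by (major.minor, update number).
# Each update line has its own fix; a higher line does not inherit a lower line's fix.
FIXED_VERSIONS = {
    ("7.0", 3): "7.0 U3r",
    ("8.0", 1): "8.0 U1e",
    ("8.0", 2): "8.0 U2d",
}

# Matches strings such as "7.0 U3r", "8.0 U2", "8.0 u1e".
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+)\s*U(\d+)([a-z]?)\s*$", re.IGNORECASE)


def parse_version(text):
    """Split a vCenter version string into (line, update number, patch letter)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    return m.group(1), int(m.group(2)), m.group(3).lower()


def is_patched(version):
    """True/False if the version is on a line the advisory names, None otherwise.

    None means the update line is not listed in the advisory and needs manual review
    rather than an automatic verdict.
    """
    line, update, letter = parse_version(version)
    fixed = FIXED_VERSIONS.get((line, update))
    if fixed is None:
        return None
    _, _, fixed_letter = parse_version(fixed)
    # Assumption: patch letters within one update line order a < b < c ..., and the
    # unlettered base release ('') precedes 'a'. Python string comparison gives that order.
    return letter >= fixed_letter


def triage(inventory):
    """Map host name -> patch status for a list of (host, version) pairs."""
    return {host: is_patched(version) for host, version in inventory}


if __name__ == "__main__":
    # Constructed inventory for illustration; not real hosts.
    sample_inventory = [
        ("vcsa-prod-01", "8.0 U2a"),   # same 8.0 line, but below the U2d fix
        ("vcsa-prod-02", "8.0 U1e"),   # at the U1 line's fix
        ("vcsa-lab-01", "7.0 U3q"),    # below 7.0 U3r
        ("vcsa-lab-02", "8.0 U3"),     # line not named in the advisory
    ]
    for host, status in triage(sample_inventory).items():
        label = {True: "patched", False: "VULNERABLE", None: "manual review"}[status]
        print(f"{host}: {label}")
```

Hosts reported as "manual review" sit on an update line the advisory does not list; confirm their status against the vendor's current advisory rather than assuming either way.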
Although there are no known reports of any of the vulnerabilities being actively exploited, it is imperative that users move quickly to apply the patches given their severity.