Overview
- Vulnerable Platforms: VMware vCenter Server and VMware Cloud Foundation
- Severity (CVSSv3): Critical, with a score of 9.8.
- Vulnerability Type: Remote Code Execution (RCE).
- Error Type: Heap Overflow.
- Affected Versions: All versions.
- Security Patch Release Date: October 21, 2024.
- Exploit Status: No proof-of-concept (POC)
Technical Description
VMware vCenter Server contains a critical heap-overflow vulnerability in its implementation of the Distributed Computing Environment/Remote Procedure Call (DCE/RPC) protocol.
Vulnerability Details
This vulnerability is a critical heap overflow vulnerability identified by VMware vCenter server during the execution of the DCE/RPC protocol, enabling an intruder with network access to vCenter Server to send specially crafted packets.
It has the potential to allow remote code execution (RCE), leading to system compromise, unauthorized access, or the exposure of sensitive data. VMware has stated that no known exploits or incidents leveraging this vulnerability have been observed so far.
Vulnerable Versions
• All versions of VMware vCenter Server.
• VMware Cloud Foundation.
How to Patch the Vulnerability
✔️ It is critical to install the security updates immediately. Attackers often target VMware vCenter Server vulnerabilities to gain access to virtual environments.
The most effective way to address this vulnerability is to install the vCenter patches released on October 21, 2024. You can find them at the following link:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
✔️ Older product versions, such as vSphere 6.5 and vSphere 6.7, are affected but will not receive security updates as they past their end-of-support date..
✔️ Even after applying the patch, it is strongly recommended to avoid exposing the vCenter service to the internet due to its critical nature..
✔️ Before applying the security patch, take the following precautions to mitigate potential threats:
- Isolate the vCenter Server from other parts of the network to reduce exposure.
- Apply strict firewall policies to control access to the vCenter Server.
- Use IDS/IPS solutions to monitor, identify, and block suspici+B12ous activities or exploit attempts.
- Regularly back up the vCenter Server and its configurations.