VMware vCenter Server Multiple Critical Vulnerabilities

 

VMware vCenter Server Multiple Critical Vulnerabilities (CVE-2024-37079, CVE-2024-37080, & CVE-2024-37081)

VMware vCenter Server is affected by multiple vulnerabilities that may allow attackers to elevate privileges and perform remote code execution. Tracked as CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081, the vulnerabilities have been given critical and important severity ratings.

VMware vCenter is an advanced server management software. The software has a centralized platform for controlling vSphere environments for visibility across hybrid clouds. The software protects the vCenter Server Appliance and related services with native high availability (HA) and a recovery time objective of less than 10 minutes.

VMware vCenter Server Heap-overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)

These heap overflow vulnerabilities exist in the implementation of the DCERPC protocol. DCE/RPC (Distributed Computing Environment/Remote Procedure Calls) is a network protocol that lets programmers write distributed software as if it were all running on the same computer. An attacker must have network access to the vCenter Server to exploit these vulnerabilities. An attacker may trigger them by sending a specially crafted network packet, which may lead to remote code execution.

Hao Zheng and Zibo Li from the TianGong Team of Legendsec at Qi’anxin Group discovered and reported the vulnerabilities.

VMware vCenter Local Privilege Escalation Vulnerability (CVE-2024-37081)

The local privilege escalation vulnerability originates from the misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit the vulnerability to escalate privileges to root on the vCenter Server Appliance.

Matei Badanoiu of Deloitte Romania discovered and reported the vulnerability.

Affected Products

  • VMware vCenter Server
  • VMware Cloud Foundation

Affected Versions

  • vCenter Server versions 7.0 and 8.0
  • VMware Cloud Foundation (vCenter Server) versions 4.x and 5.x

Mitigation

Customers must upgrade to VMware vCenter Server version 8.0 U2d, 8.0 U1e, or 7.0 U3r to patch the vulnerabilities.

For more information about the mitigation, please refer to VMware Security Advisory (VMSA-2024-0012).
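
To triage an inventory against the fixed releases listed above, the following added example (not code from VMware, Qualys, or the advisory) classifies vCenter release labels per update train. It assumes labels of the form "8.0 U2d" and that releases within a line order by update number, then patch letter; the hostnames are constructed.

```python
import re

# Fixed releases from the Mitigation section: (major line, update number) -> patch letter.
FIXED = {("8.0", 2): "d", ("8.0", 1): "e", ("7.0", 3): "r"}

# Accepts "8.0", "8.0 U2", "8.0 U2d", "7.0 Update 3r" (case-insensitive).
LABEL_RE = re.compile(r"^\s*(\d+\.\d+)(?:\s*(?:U|Update\s*)(\d+)([a-z])?)?\s*$", re.I)


def parse_label(label):
    """Split a release label into (line, update number, patch letter)."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    line, update, letter = m.groups()
    return line, int(update or 0), (letter or "").lower()


def triage(label):
    """Return 'patched', 'vulnerable' or 'unknown' for one release label."""
    try:
        line, update, letter = parse_label(label)
    except ValueError:
        return "unknown"
    trains = [u for (l, u) in FIXED if l == line]
    if not trains:
        return "unknown"  # line not listed as affected on this page
    if (line, update) in FIXED:
        # Same update train: compare patch letters (no letter sorts lowest).
        return "patched" if letter >= FIXED[(line, update)] else "vulnerable"
    # Assumption: a train newer than every fixed train already carries the fix;
    # an older train has no fixed release of its own and must be upgraded.
    return "patched" if update > max(trains) else "vulnerable"


def report(inventory):
    """Map each host in {host: release label} to its triage result."""
    return {host: triage(label) for host, label in inventory.items()}


# Constructed sample inventory (hostnames and assignments are illustrative).
SAMPLE = {
    "vc-prod-01.example.test": "8.0 U2a",
    "vc-prod-02.example.test": "8.0 U1e",
    "vc-lab-01.example.test": "7.0 Update 3q",
    "vc-lab-02.example.test": "7.0 U3r",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Note that 8.0 U2a is flagged even though it is newer than 8.0 U1e, because each update train has its own fixed release.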

Qualys Detection

Qualys customers can scan their devices with QIDs 216323, 216324, and 216325 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
