CVE-2024-38812
CVE-2024-38813
September 18, 2024

Critical VMware vCenter Server Patch

Security Advisory
Kudelski Security Team

Summary

VMware has released a critical security advisory (VMSA-2024-0019) that addresses two serious vulnerabilities found in its vCenter Server and VMware Cloud Foundation products.

These vulnerabilities, identified as CVE-2024-38812 and CVE-2024-38813, could enable attackers to execute remote code and gain elevated privileges, posing a significant security risk.

Affected Systems and/or Application

VMware vCenter and any products that contain vCenter, including VMware vSphere and VMware Cloud Foundation, are affected.

The following table captures the essential details about the affected VMware products, versions, identified vulnerabilities, severity, and the fixed versions.

Technical Details / Attack Overview

CVE-2024-38812: Heap-Overflow Vulnerability

The first vulnerability, identified as CVE-2024-38812, is a heap overflow flaw in the way the vCenter Server handles the DCERPC protocol, according to a report from Broadcom. This vulnerability has a critical severity rating, with a maximum CVSSv3 score of 9.8. It allows attackers with access to the vCenter Server to exploit the issue by sending specially crafted network packets. If successful, the attack could enable remote code execution, giving the attackers control over the compromised system.

CVE-2024-38813: Privilege Escalation Vulnerability

CVE-2024-38813 is a vulnerability that allows attackers with network access to elevate their privileges to root by sending specially crafted network packets. It has a CVSSv3 score of 7.5, making it a critical issue. Similar to the heap overflow vulnerability, this flaw can be exploited remotely, enabling attackers to gain higher-level access through malicious network activity.

Recommendations

1. Update Affected Systems:

General Recommendations

Before updating your VMware vCenter Server appliance to address the critical vulnerability, it’s recommended to take a non-memory snapshot of the appliance. This acts as a fail-safe, allowing you to revert back if anything goes wrong during the update process.

To do this, log into the ESXi host that manages the vCenter appliance and create a non-memory snapshot of the VCSA (vCenter Server Appliance) VM. Once the snapshot is in place, you can safely proceed with pulling, staging, and applying the update for the vulnerability.
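
The snapshot step above can be scripted from the ESXi shell with vim-cmd. The following is an added example, not part of the original advisory or of VMware's tooling; the VM display name, the snapshot name and description, and the choice not to quiesce the guest are assumptions, and the getallvms listing is constructed sample data.

```shell
#!/bin/sh
# Added example: non-memory snapshot of the VCSA VM from the ESXi shell.
VIM_CMD=${VIM_CMD:-vim-cmd}   # overridable so the parser can be exercised off-host

# Constructed sample of `vim-cmd vmsvc/getallvms` output (not from a real host).
SAMPLE_GETALLVMS='Vmid   Name                    File                          Guest OS              Version   Annotation
7      VMware vCenter Server   [datastore1] vcsa/vcsa.vmx    other3xLinux64Guest   vmx-10    vCenter Server Appliance
12     web01                   [datastore1] web01/web01.vmx  ubuntu64Guest         vmx-19'

# find_vmid NAME: read getallvms output on stdin and print the Vmid whose
# display name equals NAME exactly. Fails unless exactly one VM matches, so a
# typo or a duplicate name never snapshots the wrong machine.
find_vmid() {
    awk -v want="$1" '
        /^[0-9]+[ \t]/ {
            name = $0
            sub(/^[0-9]+[ \t]+/, "", name)   # drop the Vmid column
            sub(/[ \t]+\[.*$/, "", name)     # drop "[datastore] path" and the rest
            if (name == want) { n++; id = $1 }
        }
        END { if (n == 1) print id; else exit 1 }'
}

# take_snapshot NAME: includeMemory=0 gives the non-memory snapshot;
# quiesced=0 is an assumption (no guest file-system quiescing requested).
take_snapshot() {
    vmid=$("$VIM_CMD" vmsvc/getallvms | find_vmid "$1") || {
        echo "no unique VM named '$1' on this host" >&2
        return 1
    }
    "$VIM_CMD" vmsvc/snapshot.create "$vmid" \
        "pre-VMSA-2024-0019" "before vCenter Server update" 0 0 &&
    "$VIM_CMD" vmsvc/snapshot.get "$vmid"    # list the VM's snapshots for confirmation
}

# Runs only when a VM name is supplied, e.g.
#   VCSA_NAME="VMware vCenter Server" sh snapshot-vcsa.sh
if [ -n "${VCSA_NAME:-}" ]; then take_snapshot "$VCSA_NAME"; fi
```

Run it on the ESXi host where the VCSA VM is registered; the script exits without creating anything if the name does not match exactly one VM.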

What is the CFC doing?

Kudelski Security has not observed or received indicators of active exploitation of these flaws. The CFC will continue to monitor the situation and send an advisory update if needed. Clients with vulnerability scan services will receive relevant results if critical vulnerabilities are found within the scope of the scans, as soon as a plugin is made available by the vulnerability scan provider.
