VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation

Bug reports made in China


Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.

The first flaw, CVE-2024-38812, is a heap overflow vulnerability in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) service that could be exploited over the network to corrupt the heap and achieve arbitrary code execution on unpatched systems. Broadcom rates it as a critical fix and it has a CVSS score of 9.8 out of 10.

The second one, CVE-2024-38813, is a privilege escalation flaw that carries a CVSS score of 7.5 and one that VMware owner Broadcom rates as important. Someone with network access to VMware's vulnerable software could exploit this to gain root privileges on the system.

We can imagine a miscreant with network access using CVE-2024-38812 to gain code execution on a box, and then using CVE-2024-38813 to step up to administrative control. This scenario isn't explicitly outlined in the advisory, though Broadcom chose to pair the flaws together in today's advisory and FAQ.

Versions 7 and 8 of vCenter Server and versions 4 and 5 of VMware Cloud Foundation are at risk and Broadcom warns there is no practical workaround for these bugs. In other words, get patching.

The blunders are addressed in vCenter Server versions 8.0 U3b and 7.0 U3s, and in Cloud Foundation via async patches to those same vCenter Server levels, 8.0 U3b and 7.0 U3s.
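Since there is no workaround, the practical first step is to find every vCenter Server instance that is still below the fixed level. The following triage script is an added example written for this page, not code from Broadcom or VMware: it takes an inventory of hostnames and version strings (the sample inventory is constructed), compares each against the fixed levels named above, and flags what still needs patching. It assumes that VMware's update letters are issued alphabetically (U3a before U3b, and so on up to U3s) and that a bare "U3" sorts before "U3a"; those ordering rules are this script's assumption, not something the advisory states.

```python
import re

# Fixed vCenter Server levels named in the article; Cloud Foundation 4.x/5.x
# receives the same levels as async patches.
FIXED_VCENTER = {"7.0": "7.0 U3s", "8.0": "8.0 U3b"}

# Matches strings like "8.0", "7.0 U3" or "8.0 U3b".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\s*U(\d+)([A-Za-z])?)?$")


def parse_version(text):
    """Turn 'major.minor [U<n>[letter]]' into a comparable tuple.

    Assumption (this script's, not the advisory's): update letters are issued
    alphabetically, so U3a < U3b < ... < U3s, and a bare U3 sorts before U3a.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    major, minor, update, letter = m.groups()
    letter_rank = (ord(letter.lower()) - ord("a") + 1) if letter else 0
    return (int(major), int(minor), int(update or 0), letter_rank)


def is_patched(version):
    """True if `version` is at or above the fixed level for its release train,
    False if it is below it, None if the train is not one the advisory covers."""
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_VCENTER.get(train)
    if fixed is None:
        return None
    return parsed >= parse_version(fixed)


def triage(inventory):
    """Map each host in `inventory` (hostname -> version string) to a status label."""
    labels = {True: "patched", False: "NEEDS PATCH", None: "not covered by advisory"}
    return {host: labels[is_patched(ver)] for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = {
    "vcsa-prod-01.example.internal": "8.0 U3b",
    "vcsa-prod-02.example.internal": "8.0 U3a",
    "vcsa-lab.example.internal": "7.0 U3r",
    "vcsa-dr.example.internal": "7.0 U3s",
    "vcsa-legacy.example.internal": "6.7 U3",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:32} {SAMPLE_INVENTORY[host]:10} {status}")
```

Anything reported as "not covered by advisory" (a 6.x train in the sample) is outside the versions the advisory lists rather than confirmed safe, so treat those rows as needing a separate lifecycle decision rather than as clean.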

The discovery of both flaws stemmed from the Matrix Cup Cyber Security Competition, held in June in China, which was organized by 360 Digital Security Group and Beijing Huayunan Information Technology Company. Over 1,000 teams competed to report holes in products for $2.75 million in prizes.

Zbl and srs of Team TZL at Tsinghua University were credited with discovering the bugs, which were disclosed to Broadcom to patch.

The team bagged the competition's Best Vulnerability Award, along with a $59,360 payday, showing once again that bug bounties and competitive hacking really work. ®
