Multiple VMware vCenter Server Flaws Allow Remote Code Execution
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
VMware has released a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.
If exploited, these vulnerabilities could allow attackers to execute remote code on affected systems.
The advisory highlights several critical vulnerabilities, including heap overflow and local privilege escalation issues. The most severe of these vulnerabilities have been assigned CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081.
Heap-Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
These vulnerabilities exist when implementing the DCERPC protocol within the vCenter Server. They have been rated with a maximum CVSSv3 base score of 9.8, indicating critical severity.
A malicious actor with network access to the vCenter Server can exploit these vulnerabilities by sending specially crafted network packets, potentially leading to remote code execution.
Patch:
VMware has released patches to address these vulnerabilities. Users are advised to apply the updates listed in the ‘Fixed Version’ column of the response matrix below.
Local Privilege Escalation Vulnerability (CVE-2024-37081)
This vulnerability is due to misconfiguration of sudo in vCenter Server, allowing an authenticated local user with non-administrative privileges to elevate their privileges to root. It has a CVSSv3 base score of 7.8, categorized as important.
An authenticated local user can exploit this vulnerability to gain root access on the vCenter Server Appliance.
Patch:
Patches have been released to remediate this issue. Users should apply the updates listed in the response matrix.
Response Matrix
VMware ProductVersionRunning OnCVECVSSv3SeverityFixed VersionWorkaroundsAdditional DocumentationvCenter Server8.0AnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8Critical8.0 U2dNoneFAQvCenter Server8.0AnyCVE-2024-37079, CVE-2024-370809.8, 9.8Critical8.0 U1eNoneFAQvCenter Server7.0AnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8Critical7.0 U3rNoneFAQ
Impacted Product Suites
VMware ProductVersionRunning OnCVECVSSv3SeverityFixed VersionWorkaroundsAdditional DocumentationCloud Foundation (vCenter Server)5.xAnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8CriticalKB88287NoneFAQCloud Foundation (vCenter Server)4.xAnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8CriticalKB88287NoneFAQ
Organizations using VMware vCenter Server are urged to apply the necessary patches immediately to mitigate these critical vulnerabilities.
How to Verify Patches
Organizations can verify that patches have been successfully applied to vCenter Server by following these steps:
Access the Appliance Shell:
List Installed Patches:
Check Specific Patch Details:
Use the vCenter Server Management Interface (VAMI):
Verify System Functionality:
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Multiple VMware vCenter Server Flaws Allow Remote Code Execution
Author: Guru BaranVMware has released a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.
If exploited, these vulnerabilities could allow attackers to execute remote code on affected systems.
The advisory highlights several critical vulnerabilities, including heap overflow and local privilege escalation issues. The most severe of these vulnerabilities have been assigned CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081.
Heap-Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
These vulnerabilities exist when implementing the DCERPC protocol within the vCenter Server. They have been rated with a maximum CVSSv3 base score of 9.8, indicating critical severity.
A malicious actor with network access to the vCenter Server can exploit these vulnerabilities by sending specially crafted network packets, potentially leading to remote code execution.
Patch:
VMware has released patches to address these vulnerabilities. Users are advised to apply the updates listed in the ‘Fixed Version’ column of the response matrix below.
Local Privilege Escalation Vulnerability (CVE-2024-37081)
This vulnerability is due to misconfiguration of sudo in vCenter Server, allowing an authenticated local user with non-administrative privileges to elevate their privileges to root. It has a CVSSv3 base score of 7.8, categorized as important.
An authenticated local user can exploit this vulnerability to gain root access on the vCenter Server Appliance.
Patch:
Patches have been released to remediate this issue. Users should apply the updates listed in the response matrix.
Response Matrix
VMware ProductVersionRunning OnCVECVSSv3SeverityFixed VersionWorkaroundsAdditional DocumentationvCenter Server8.0AnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8Critical8.0 U2dNoneFAQvCenter Server8.0AnyCVE-2024-37079, CVE-2024-370809.8, 9.8Critical8.0 U1eNoneFAQvCenter Server7.0AnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8Critical7.0 U3rNoneFAQ
Impacted Product Suites
VMware ProductVersionRunning OnCVECVSSv3SeverityFixed VersionWorkaroundsAdditional DocumentationCloud Foundation (vCenter Server)5.xAnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8CriticalKB88287NoneFAQCloud Foundation (vCenter Server)4.xAnyCVE-2024-37079, CVE-2024-37080, CVE-2024-370819.8, 9.8, 7.8CriticalKB88287NoneFAQ
Organizations using VMware vCenter Server are urged to apply the necessary patches immediately to mitigate these critical vulnerabilities.
How to Verify Patches
Organizations can verify that patches have been successfully applied to vCenter Server by following these steps:
Access the Appliance Shell:
- Log in to the vCenter Server Appliance shell as a user with super administrator privileges, typically the root user.
List Installed Patches:
- Use the software-packages utility to view the list of installed patches. Run the following command to see all patches currently applied to the vCenter Server Appliance:
bash software-packages list - To view the patches in chronological order, use:
bash software-packages list --history - This command provides a detailed list of all patches applied, including the installation date and other relevant details.
Check Specific Patch Details:
- If you need to verify details about a specific patch, use the following command:
bash software-packages list --patch - Replace with the actual name of the patch you want to check. For example:
bash software-packages list --patch VMware-vCenter-Server-Appliance-Patch1 - This command will display comprehensive details about the specified patch, such as the vendor, description, and installation date.
Use the vCenter Server Management Interface (VAMI):
- Log in to the VAMI at https://:5480 using the root account.
- Navigate to the “Update” section. In the “Current version details” pane, you can view the vCenter Server version and build number.
- The “Available Updates” pane will show the status of updates, including whether they have been installed successfully.
Verify System Functionality:
- After applying patches, ensure that the vCenter Server Appliance is functioning correctly. Check critical services and perform routine operations to confirm that the system is stable and operating as expected.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
