Cybersecurity Threat Advisory: VMware critical vulnerability

VMware has recently released software updates to address a security flaw believed to have already been patched in vCenter Server. The vulnerability, known as CVE-2024-38812 with a CVSS score of 9.8, is a heap-overflow vulnerability. Continue reading this Cybersecurity Threat Advisory to mitigate your risk.

What is the threat?

By sending specially crafted network packets, threat actors with access to vCenter Server can exploit this vulnerability and perform remote code execution (RCE). It was also confirmed that the previous vCenter patch failed to properly address this vulnerability.

Why is it noteworthy?

This vulnerability allows threat actors to gain significant control over systems by executing remote code, posing a serious security risk. Additionally, the fact that the previous patch failed to fully address the issue raises concerns about the effectiveness of security measures and the potential for exploitation by malicious actors.

What is the exposure or risk?

CVE-2024-38812 affects VMware vCenter 7.0 and 8.0, as well as VMware Cloud Foundation 4.x and 5.x. However, it does not affect the latest updates for these devices, such as 7.0 U3s and 8.0 U3b. Those without the above-mentioned updated versions, are susceptible to attacks with network access to vCenter Server, escalating privileges to root by sending their own crafted network packets.

What are the recommendations?

Barracuda recommends the following actions to mitigate the effects caused by CVE-2024-38812:

• Install the latest security patches provided by VMware for vCenter Serve immediately.
• Limit access to vCenter Server by configuring firewall rules to restrict network traffic to only trusted sources.
• Implement comprehensive logging and monitoring to detect any suspicious activities or potential exploitation attempts.
• Enforce strong authentication mechanisms, such as multi-factor authentication (MFA), to enhance security for accessing vCenter Server.
• Review and update the security configurations of your vCenter Server and associated components periodically to ensure they adhere to best practices.
• Isolate critical systems and services from the rest of the network to minimize the impact of any potential breach.

References

For more in-depth information on the above recommendations, please visit the following links:

• https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html
• https://www.cert.europa.eu/publications/security-advisories/2024-100/#:~:text=The%20critical%20vulnerability%20CVE-2024-38812%20is%20caused%20by%20a,to%20remotely%20execute%20arbitrary%20code%20without%20user%20interaction.
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
• https://www.securityweek.com/vmware-struggles-to-fix-flaw-exploited-at-chinese-hacking-contest/

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.