Flash Notice: PATCH NOW - VMware's vCenter has a Critical RCE Flaw

overview

VMware has issued a critical security advisory to address multiple vulnerabilities in VMware vCenter Server. These vulnerabilities, if exploited, could allow attackers to execute remote code on affected systems. 

Heap Overflow Vulnerabilities - CVE-2024-37079 and CVE-2024-37080 (CVSS 9.8) 

These flaws exist within the DCERPC protocol implementation of vCenter Server. An attacker with network access can exploit these vulnerabilities by sending specially crafted packets, leading to potential remote code execution. Affected Versions: VMware vCenter Server 7.0, 8.0 and VMware Cloud Foundation 4.x, 5.x. 

Local Privilege Escalation Vulnerability - CVE-2024-37081(CVSS 7.8) 

Due to a misconfiguration of sudo in vCenter Server, an authenticated local user with non-administrative privileges can elevate their privileges to root. Affected Versions: VMware vCenter Server 7.0, 8.0 and VMware Cloud Foundation 4.x, 5.x. 

As of right now, these vulnerabilities have not been exploited in the wild. VMware has released patches to address these vulnerabilities. vCenter is a widely used product and users are strongly advised to apply the updates listed in VMware’s security advisory as soon as possible. 

avertium's recommendationS

• VMware vCenter Server 
  • Update to versions 8.0 U2d, 8.0 U1e, and 7.0 U3r. 
• VMware Cloud Foundation 
  • Apply patches as detailed in KB88287. 
• Precautions During Update 
  • While the update does not affect running workloads or VMs, expect temporary unavailability of vSphere Client and other management interfaces. 
• There are no in-product workarounds or mitigations for these vulnerabilities. Applying the patches is the only recommended solution. Please see VMware’s advisory for patch guidance.  

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  

• • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
  • Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK). 
  • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan). 

• Fusion MXDR  is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 

SUPPORTING DOCUMENTATION