home.social

#vcenterserver — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vcenterserver, aggregated by home.social.

  1. Critical Vulnerabilities in VMware vCenter Server

    Date: June 18, 2024
    CVE: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081
    Vulnerability Type: Buffer Overflow, Memory Corruption
    CWE: [[CWE-787]], [[CWE-416]], [[CWE-125]]
    Sources: SecurityWeek, Cybersecurity News, Broadcom VMware advisory

    Synopsis

    Multiple critical vulnerabilities in VMware vCenter Server have been identified, potentially allowing remote code execution (RCE). These issues, detailed in VMware's security advisory VMSA-2024-0012, include CVE-2023-34048, which affects the DCE/RPC protocol implementation. The DCE/RPC (Distributed Computing Environment / Remote Procedure Call) protocol is a network protocol developed by the Open Group. It enables communication between client and server applications by allowing a program to request services from a program located on another computer within a network. DCE/RPC is based on the concept of remote procedure calls (RPC), which facilitate the execution of code on a remote system as if it were local.

    Issue Summary

    VMware vCenter Server, a key management component for VMware environments, contains several critical vulnerabilities. If exploited, these could allow attackers to execute arbitrary code remotely. The most critical of these, CVE-2023-34048, has been rated with a CVSS score of 9.8, indicating high severity.

    Technical Key Findings

    The vulnerabilities primarily involve memory corruption issues such as heap overflow and use-after-free errors in the DCE/RPC protocol. These can be exploited by sending specially crafted packets to the vCenter Server, leading to remote code execution and potential system compromise.

    Vulnerable Products

    • vCenter Server 8.0
    • vCenter Server 7.0
    • VMware Cloud Foundation versions 4.x and 5.x

    **Response Matrix:

    | VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
    | ------------------ | ----------- | -------------- | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------- | --------------- | ------------------------------------------------------------------------ |
    | vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.89.87.8 | Critical | 8.0 U2d | None | FAQ |
    | vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.89.8 | Critical | 8.0 U1e | None | FAQ |
    | vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.89.87.8 | Critical | 7.0 U3r | None | FAQ |

    **

    Impacted Product Suites that Deploy Response Matrix 3a and 3b Components:

    *

    | VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
    | --------------------------------- | ----------- | -------------- | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------- | --------------- | ------------------------------------------------------------------------ |
    | Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.89.87.8 | Critical | KB88287 | None | FAQ |
    | Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.89.87.8 | Critical | KB88287 | None | FAQ |

    Impact Assessment

    Successful exploitation of these vulnerabilities could result in complete control over the affected systems, allowing attackers to perform any action, including data theft, service disruption, and further network compromise.

    Patches or Workarounds

    VMware has released patches to address these vulnerabilities. Administrators are advised to update to the fixed versions (8.0 U2d, 7.0 U3r) . There are no available workarounds.

    Tags

    #VMware #vCenterServer #CVE-2023-34048 #RemoteCodeExecution #PatchManagement #Cybersecurity

  2. Angreifer könnten Systeme mit Cloud Foundation und vCenter Server von VMware attackieren. Bislang gibt es nur einen Workaround, um Systeme abzusichern.
    Warten auf Sicherheitsupdates: Admin-Lücke bedroht VMware vCenter Server
  3. Angreifer suchen derzeit gezielt nach verwundbaren vCenter-Server-Systemen. Davon ist auch Deutschland betroffen. Sicherheitspatches sind verfügbar.
    Jetzt patchen! VMware warnt vor anstehenden Attacken auf vCenter Server
  4. Angreifer könnten das Verwaltungsprogramm für virtuelle Maschinen vCenter Server von VMware über unter anderem eine kritische Lücke attackieren.
    Wichtige Sicherheitsupdates: VMware vCenter Server ist vielfältig angreifbar
  5. Sicherheitsforscher warnen davor, dass Angreifer es auf eine kritische Lücke in vCenter Server abgesehen haben. Jetzt patchen! Angreifer attackieren VMware vCenter Server
  6. Vulnerability in VMware product has severity rating of 9.8 out of 10 - Enlarge (credit: Michael Theis / Flickr)
    Data centers around the world have a n... - arstechnica.com/?p=1767612 #vulnerabilities #vcenterserver #patches #biz&it #vmware #tech

  7. Drei Sicherheitslücken mit Einstufungen von "Moderate" bis "Critical" betreffen neben ESXi und vCenter Server indirekt auch Cloud Foundation. Es gibt Updates.
    Jetzt updaten: Kritische Lücke aus VMware ESXi und vCenter Server beseitigt
  8. Für mehrere Versionen der vCenter Server-Erweiterung vSphere Replication stehen Sicherheitsupdates bereit, die eine "High"-Schwachstelle schließen.
    VMware vSphere Replication: Updates beseitigen remote ausnutzbare Schwachstelle