#vcenterserver — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vcenterserver, aggregated by home.social.
-
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest https://www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/ #Vulnerabilities #vCenterServer #CVE202438812 #CVE202438813 #MatrixCUp #VMware #China
-
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest https://www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/ #Vulnerabilities #vCenterServer #CVE202438812 #CVE202438813 #MatrixCUp #VMware #China
-
A week in security (July 15 – July 21) https://www.malwarebytes.com/blog/news/2024/07/a-week-in-security-july-15-july-21 #vCenterServer #CrowdStrike #Geoserver #riteaid #News
-
Critical Vulnerabilities in VMware vCenter Server
Date: June 18, 2024
CVE: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081
Vulnerability Type: Buffer Overflow, Memory Corruption
CWE: [[CWE-787]], [[CWE-416]], [[CWE-125]]
Sources: SecurityWeek, Cybersecurity News, Broadcom VMware advisorySynopsis
Multiple critical vulnerabilities in VMware vCenter Server have been identified, potentially allowing remote code execution (RCE). These issues, detailed in VMware's security advisory VMSA-2024-0012, include CVE-2023-34048, which affects the DCE/RPC protocol implementation. The DCE/RPC (Distributed Computing Environment / Remote Procedure Call) protocol is a network protocol developed by the Open Group. It enables communication between client and server applications by allowing a program to request services from a program located on another computer within a network. DCE/RPC is based on the concept of remote procedure calls (RPC), which facilitate the execution of code on a remote system as if it were local.
Issue Summary
VMware vCenter Server, a key management component for VMware environments, contains several critical vulnerabilities. If exploited, these could allow attackers to execute arbitrary code remotely. The most critical of these, CVE-2023-34048, has been rated with a CVSS score of 9.8, indicating high severity.
Technical Key Findings
The vulnerabilities primarily involve memory corruption issues such as heap overflow and use-after-free errors in the DCE/RPC protocol. These can be exploited by sending specially crafted packets to the vCenter Server, leading to remote code execution and potential system compromise.
Vulnerable Products
- vCenter Server 8.0
- vCenter Server 7.0
- VMware Cloud Foundation versions 4.x and 5.x
**Response Matrix:
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| ------------------ | ----------- | -------------- | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------------------------------------------------------------------- | --------------- | ------------------------------------------------------------------------ |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
| vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |**
Impacted Product Suites that Deploy Response Matrix 3a and 3b Components:
*| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --------------------------------- | ----------- | -------------- | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------------------------------------------------- | --------------- | ------------------------------------------------------------------------ |
| Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |Impact Assessment
Successful exploitation of these vulnerabilities could result in complete control over the affected systems, allowing attackers to perform any action, including data theft, service disruption, and further network compromise.
Patches or Workarounds
VMware has released patches to address these vulnerabilities. Administrators are advised to update to the fixed versions (8.0 U2d, 7.0 U3r) . There are no available workarounds.
Tags
#VMware #vCenterServer #CVE-2023-34048 #RemoteCodeExecution #PatchManagement #Cybersecurity
-
🌍 #𝗖𝗬𝗕𝗘𝗥𝗩𝗘𝗜𝗟𝗟𝗘 🌍
Des pirates chinois exploitent silencieusement une faille #zeroday de #VMware depuis 2 ans, mettant en danger la sécurité de #vCenterServer.https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html
-
Angreifer könnten Systeme mit Cloud Foundation und vCenter Server von VMware attackieren. Bislang gibt es nur einen Workaround, um Systeme abzusichern.
Warten auf Sicherheitsupdates: Admin-Lücke bedroht VMware vCenter Server -
Angreifer suchen derzeit gezielt nach verwundbaren vCenter-Server-Systemen. Davon ist auch Deutschland betroffen. Sicherheitspatches sind verfügbar.
Jetzt patchen! VMware warnt vor anstehenden Attacken auf vCenter Server -
Angreifer könnten das Verwaltungsprogramm für virtuelle Maschinen vCenter Server von VMware über unter anderem eine kritische Lücke attackieren.
Wichtige Sicherheitsupdates: VMware vCenter Server ist vielfältig angreifbar -
Sicherheitsforscher warnen davor, dass Angreifer es auf eine kritische Lücke in vCenter Server abgesehen haben. Jetzt patchen! Angreifer attackieren VMware vCenter Server -
Vulnerability in VMware product has severity rating of 9.8 out of 10 - Enlarge (credit: Michael Theis / Flickr)
Data centers around the world have a n... - https://arstechnica.com/?p=1767612 #vulnerabilities #vcenterserver #patches #biz&it #vmware #tech -
Drei Sicherheitslücken mit Einstufungen von "Moderate" bis "Critical" betreffen neben ESXi und vCenter Server indirekt auch Cloud Foundation. Es gibt Updates.
Jetzt updaten: Kritische Lücke aus VMware ESXi und vCenter Server beseitigt -
Für mehrere Versionen der vCenter Server-Erweiterung vSphere Replication stehen Sicherheitsupdates bereit, die eine "High"-Schwachstelle schließen.
VMware vSphere Replication: Updates beseitigen remote ausnutzbare Schwachstelle