

Critical Code Execution Vulnerabilities Patched in VMware vCenter Server

Serious vulnerabilities that can allow remote code execution and privilege escalation have been patched in VMware vCenter Server. Originally published on SecurityWeek.


Broadcom-owned VMware has announced patches for several serious vCenter Server vulnerabilities that can allow remote code execution or privilege escalation.

Two heap-overflow vulnerabilities, tracked as CVE-2024-37079 and CVE-2024-37080 and classified as having critical severity, impact the implementation of the DCERPC protocol.

“A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution,” VMware said in its advisory.

VMware has credited researchers from Chinese cybersecurity company Qi An Xin for reporting the two flaws.

The same advisory also covers CVE-2024-37081, a single CVE assigned to multiple high-severity local privilege escalation vulnerabilities caused by sudo misconfigurations.

“An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance,” the company explained.

Matei Badanoiu of Deloitte Romania has been credited for reporting these issues.

In an FAQ document, the company clarified that it’s not aware of attacks exploiting any of the three vulnerabilities in the wild.

vCenter Server versions 7.0 and 8.0 are impacted. Fixes for all three CVEs are included in versions 8.0 U2d, 8.0 U1e and 7.0 U3r.
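Because two 8.0 trains (U1 and U2) each received their own fix, a plain "is my version newer than 8.0 U2d" comparison gets 8.0 U1e wrong. The following check is an added example written for this page, not code from SecurityWeek or VMware: it parses version strings in the "X.Y Uz" form the advisory uses and decides whether an observed vCenter version is on a fixed release. It takes the three fixed versions and the two impacted lines straight from the text above; the rule that an update train newer than every fixed one (for example a hypothetical 8.0 U3) counts as patched is an assumption of this example, as is the treatment of lines the article does not mention (6.7 and older) as "unknown".

```python
import re
from dataclasses import dataclass

# Fixed releases named in the advisory summary above.
FIXED_RELEASES = ("7.0 U3r", "8.0 U1e", "8.0 U2d")

# Version lines the article says are impacted; anything else is out of scope here.
IMPACTED_LINES = ("7.0", "8.0")

# Matches "8.0", "8.0 U2", "8.0 U2d", "7.0U3r" (update number and patch letter optional).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?\s*$", re.IGNORECASE)


@dataclass(frozen=True, order=True)
class VcVersion:
    """Ordered as (major, minor, update, patch); '' sorts before 'a', so 'U2' < 'U2a'."""
    major: int
    minor: int
    update: int   # 0 when there is no "Ux" suffix (GA release of the line)
    patch: str    # "" when there is no letter suffix

    @property
    def line(self) -> str:
        return f"{self.major}.{self.minor}"


def parse_version(text: str) -> VcVersion:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    major, minor, update, patch = m.groups()
    return VcVersion(int(major), int(minor), int(update or 0), (patch or "").lower())


def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for an observed vCenter version."""
    v = parse_version(version_text)
    if v.line not in IMPACTED_LINES:
        return "unknown"  # the article only covers the 7.0 and 8.0 lines

    fixes = [f for f in map(parse_version, FIXED_RELEASES) if f.line == v.line]
    if not fixes:
        return "unknown"

    # A fix exists on this exact update train: compare the patch letter.
    same_train = [f for f in fixes if f.update == v.update]
    if same_train:
        return "patched" if v >= same_train[0] else "vulnerable"

    # No fix on this train (assumption of this example): a train newer than every
    # fixed one is treated as patched, an older one (e.g. 8.0 GA, 7.0 U2) as vulnerable.
    return "patched" if v.update > max(f.update for f in fixes) else "vulnerable"


def hosts_needing_patch(inventory: dict[str, str]) -> list[str]:
    """Given {hostname: version string}, return the hosts still on a vulnerable release."""
    return sorted(h for h, ver in inventory.items() if assess(ver) == "vulnerable")


if __name__ == "__main__":
    # Constructed sample inventory; the hostnames and versions are illustrative only.
    sample = {
        "vc-prod-01": "8.0 U2c",
        "vc-prod-02": "8.0 U1e",
        "vc-lab-01": "7.0 U3q",
        "vc-legacy": "6.7 U3",
    }
    for host, ver in sample.items():
        print(f"{host:12} {ver:10} {assess(ver)}")
    print("needs patching:", hosts_needing_patch(sample))
```

Feed it the version string as VMware writes it in the advisory (or as reported by the appliance); the point of the train-aware comparison is that 8.0 U1e is patched even though 8.0 U2a, which sorts after it, is not.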

The location of VMware security advisories changed recently and they are now available on the Broadcom Support Portal.

Related: VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

Related: VMware Patches Critical ESXi Sandbox Escape Flaws

Related: Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

