Tuesday, October 22, 2024
HomeCyber SecurityVMware Releases vCenter Server Update to Fix Critical RCE Vulnerability  The...

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability  The Cyber Security News ​The.Cyber.Security.News

Cyber SecurityTechnology News
Manufacturing.International

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution.

The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol.

✔ Approved
From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

“A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution,” Broadcom-owned virtualization services provider said.

The flaw was originally reported by zbl and srs of team TZL at the Matrix Cup cybersecurity competition held in China earlier this year.

“VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812,” the company noted.

Patches for the flaw are available in the below vCenter Server versions –

8.0 U3d
8.0 U2e, and
7.0 U3t

It’s also available as an asynchronous patch for VMware Cloud Foundation versions 5.x, 5.1.x, and 4.x. There are no known mitigations.

While there is no evidence that the vulnerability has been ever exploited in the wild, users are advised to update to the latest versions to safeguard against potential threats.

In July 2021, China passed a law that requires vulnerabilities discovered by researchers in the country to be promptly disclosed to the government and the product’s manufacturer, raising concerns that it could help nation-state adversaries stockpile zero-days and weaponize them to their advantage.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Some parts of this article are sourced from:thehackernews.com 

Previous article
FTC Rule To Protect Consumers From Fake Reviews, AI-Generated Testimonials Comes Into Effect: What You Need To Know  Kaustubh Bagalkote Benzinga – Stock Market Quotes, Business News, Financial News, Trading Ideas, and Stock Research by Professionals​
Next article
Emotional intelligence: The five key areas for HR to concentrate on  HR Executive Tom Starner
RELATED ARTICLES
- Advertisment -

Top Stories

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

ABOUT US

At Manufacturing.International, our mission is to empower businesses with comprehensive, up-to-date information and resources for successful manufacturing ventures worldwide. We aim to be the premier hub for international manufacturing knowledge, providing a one-stop platform that connects industry professionals, offers valuable insights, access to the latest tools, books, software and fosters a community of learning and innovation.

Contact us: [email protected]

FOLLOW US