Broadcom Releases Fixes for Critical VMware vCenter Vulnerabilities
Broadcom has released crucial fixes for three vulnerabilities affecting VMware vCenter, two of which allow remote code execution (RCE) and are considered of critical severity. As virtual machines (VMs) continue to attract the attention of hackers due to the valuable data and applications they store, patching these vulnerabilities immediately is strongly advised.
The vulnerabilities, labeled CVE-2024-37079 and CVE-2024-37080, are heap overflow vulnerabilities within vCenter’s DCERPC implementation. DCERPC, short for Distributed Computing Environment/Remote Procedure Call, is used for calling functions on remote machines as if they were local. Hackers with network access can exploit these vulnerabilities by sending specially crafted network packets to execute their own code on VMs managed by vCenter, earning both vulnerabilities high CVSS scores of 9.8 out of 10.
Broadcom also addressed local privilege escalation vulnerabilities resulting from a misconfiguration of sudo in vCenter, with CVE-2024-37081 enabling an authenticated local user to obtain administrative privileges on a vCenter Server appliance, earning a high CVSS score of 7.8.
While there is no evidence of these vulnerabilities being exploited in the wild yet, the potential for harm is significant, especially with the rise in cloud VM usage. As cloud computing and VM consolidation increase operational efficiency, they also present opportunities for attackers to compromise multiple services through a single breach. Organizations are urged to prioritize patching, network segmentation, vulnerability audits, incident response planning, and maintaining robust backups to mitigate risks and protect sensitive data. Administrators should ensure the use of secure vaults, apply updates promptly, and review cloud console security controls regularly to stay ahead of potential threats.