==================================================================== CERT-Renater Note d'Information No. 2024/VULN373 _____________________________________________________________________ DATE : 18/09/2024 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware vCenter Server versions prior to 8.0 U3b, 7.0 U3s, VMware Cloud Foundation versions prior to 8.0 U3b, 7.0 U3s. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 _____________________________________________________________________ VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) Product/Component VMware Cloud Foundation VMware vCenter Server Notification Id 24968 Last Updated 17 September 2024 Initial Publication Date 17 September 2024 Status OPEN Severity CRITICAL CVSS Base Score 7.5-9.8 WorkAround Affected CVE CVE-2024-38812, CVE-2024-38813 Advisory ID: VMSA-2024-0019 Severity: Critical CVSSv3 Range: 7.5-9.8 Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) Issue date: 2024-09-17 Updated on: 2024-09-17 (Initial Advisory) CVE(s) CVE-2024-38812, CVE-2024-38813 1. Impacted Products VMware vCenter Server VMware Cloud Foundation 2. Introduction A heap-overflow vulnerability and a privilege escalation vulnerability in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. 3a. VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812) Description: The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Known Attack Vectors: A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. Resolution: To remediate CVE-2024-38812 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments. Workarounds: In-product workarounds were investigated, but were determined to not be viable. Additional Documentation: A supplemental FAQ was created for additional clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna Acknowledgments: VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us. Notes: None. 3b. VMware vCenter privilege escalation vulnerability (CVE-2024-38813) Description: The vCenter Server contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5. Known Attack Vectors: A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. Resolution: To remediate CVE-2024-38813 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments. Workarounds: None. Additional Documentation: A supplemental FAQ was created for additional clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna Acknowledgments: VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us. Notes: None. Response Matrix: 3a & 3b VMware Product Version Running On CVE CVSSv3 Severity Fixed Version Workarounds Additional Documentation vCenter Server 8.0 Any CVE-2024-38812, CVE-2024-38813 9.8, 7.5 Critical 8.0 U3b None FAQ vCenter Server 7.0 Any CVE-2024-38812, CVE-2024-38813 9.8, 7.5 Critical 7.0 U3s None FAQ VMware Cloud Foundation 5.x Any CVE-2024-38812, CVE-2024-38813 9.8, 7.5 Critical Async patch to 8.0 U3b None Async Patching Guide: KB88287 VMware Cloud Foundation 4.x Any CVE-2024-38812, CVE-2024-38813 9.8, 7.5 Critical Async patch to 7.0 U3s None Async Patching Guide: KB88287 4. References: Fixed Version(s) and Release Notes: VMware vCenter Server 8.0 U3b Downloads and Documentation: https://support.broadcom.com/web/ecx/solutiondetails?patchId=5515 https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u3b-release-notes/index.html VMware vCenter Server 7.0 U3s Downloads and Documentation: https://support.broadcom.com/web/ecx/solutiondetails?patchId=5513 https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3s-release-notes/index.html KB Articles: Cloud Foundation 5.x/4.x: https://knowledge.broadcom.com/external/article?legacyId=88287 Mitre CVE Dictionary Links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38813 FIRST CVSSv3 Calculator: CVE-2024-38812: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2024-38813: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 5. Change Log: 2024-09-17 VMSA-2024-0019 Initial security advisory. 6. Contact: E-mail: [email protected] PGP key 
https://knowledge.broadcom.com/external/article/321551 VMware Security Advisories 
https://www.broadcom.com/support/vmware-security-advisories VMware External Vulnerability Response and Remediation Policy https://www.broadcom.com/support/vmware-services/security-response VMware Lifecycle Support Phases 
https://support.broadcom.com/group/ecx/productlifecycle VMware Security Blog 
https://blogs.vmware.com/security X https://x.com/VMwareSRC Copyright 2024 Broadcom All rights reserved. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================