=====================================================================
CERT-Renater Information Note No. 2024/VULN438
_____________________________________________________________________
DATE                 : 17/10/2024
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running VMware HCX 4.10.x prior to 4.10.1,
                       4.9.x prior to 4.9.2, or 4.8.x prior to 4.8.3
                       (see the Response Matrix below).
=====================================================================

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019
_____________________________________________________________________

VMSA-2024-0021: VMware HCX addresses an authenticated SQL injection
vulnerability (CVE-2024-38814)

Product/Component        : VMware HCX
Notification Id          : 25019
Last Updated             : 16 October 2024
Initial Publication Date : 16 October 2024
Status                   : CLOSED
Severity                 : HIGH
CVSS Base Score          : 8.8
WorkAround               : None
Affected CVE             : CVE-2024-38814

Advisory ID  : VMSA-2024-0021
Severity     : Important
CVSSv3 Range : 8.8
Synopsis     : VMware HCX addresses an authenticated SQL injection
               vulnerability (CVE-2024-38814)
Issue Date   : 2024-10-16
Updated On   : 2024-10-16 (Initial Advisory)
CVE(s)       : CVE-2024-38814

1. Impacted Products

   VMware HCX

2. Introduction

   An authenticated SQL injection vulnerability in VMware HCX was privately
   reported to VMware. Updates are available to remediate this vulnerability
   in affected VMware products.

3. Authenticated SQL injection in VMware HCX (CVE-2024-38814)

   Description:
   VMware HCX contains an authenticated SQL injection vulnerability. VMware
   has evaluated the severity of this issue to be in the Important severity
   range with a maximum CVSSv3 base score of 8.8.

   Known Attack Vectors:
   A malicious authenticated user with non-administrator privileges may be
   able to enter specially crafted SQL queries and perform unauthorized
   remote code execution on the HCX manager. Note that the CVSS vector
   (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) requires only low-privileged
   credentials, not administrator access, so any valid HCX account is
   sufficient.

   Resolution:
   To remediate CVE-2024-38814 apply the patches listed in the
   'Fixed Version' column of the 'Response Matrix' found below.

   Workarounds:
   None.
   Additional Documentation:
   None.

   Acknowledgements:
   VMware would like to thank Sina Kheirkhah (@SinSinology) of Summoning
   Team (@SummoningTeam) working with Trend Micro Zero Day Initiative (ZDI)
   for reporting this issue to us.

   Notes:
   None.

   Response Matrix:

   VMware Product  Version  Running On  CVE             CVSSv3  Severity   Fixed Version  Workarounds  Additional Documentation
   VMware HCX      4.10.x   Any         CVE-2024-38814  8.8     Important  4.10.1         None         None
   VMware HCX      4.9.x    Any         CVE-2024-38814  8.8     Important  4.9.2          None         None
   VMware HCX      4.8.x    Any         CVE-2024-38814  8.8     Important  4.8.3          None         None

4. References:

   Fixed Version(s) and Release Notes:

   VMware HCX 4.10.1 Downloads and Documentation:
   https://docs.vmware.com/en/VMware-HCX/4.10.1/rn/vmware-hcx-4101-release-notes/index.html
   https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20HCX&displayGroup=Standard&release=4.10.1&os=&servicePk=524789&language=EN

   VMware HCX 4.9.2 Downloads and Documentation:
   https://docs.vmware.com/en/VMware-HCX/4.9.2/rn/vmware-hcx-492-release-notes/index.html
   https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20HCX&displayGroup=Standard&release=4.9.2&os=&servicePk=524535&language=EN

   VMware HCX 4.8.3 Downloads and Documentation:
   https://docs.vmware.com/en/VMware-HCX/4.8.3/rn/vmware-hcx-483-release-notes/index.html
   https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20HCX&displayGroup=Standard&release=4.8.3&os=&servicePk=524692&language=EN

   Mitre CVE Dictionary Links:
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38814

   FIRST CVSSv3 Calculator:
   CVE-2024-38814:
   https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log:

   2024-10-16  VMSA-2024-0021  Initial security advisory.

6. Contact:

   E-mail  : vmware.psirt@broadcom.com
   PGP key : https://knowledge.broadcom.com/external/article/321551

   VMware Security Advisories:
   https://www.broadcom.com/support/vmware-security-advisories

   VMware External Vulnerability Response and Remediation Policy:
   https://www.broadcom.com/support/vmware-services/security-response

   VMware Lifecycle Support Phases:
   https://support.broadcom.com/group/ecx/productlifecycle

   VMware Security Blog:
   https://blogs.vmware.com/security

   X:
   https://x.com/VMwareSRC

Copyright 2024 Broadcom. All rights reserved.

=========================================================
+ CERT-RENATER         | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel     | fax : 01-53-94-20-41          +
+ 75013 Paris          | email : cert@support.renater.fr +
=========================================================
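Appendix (added by the editor, not part of the VMware or CERT-Renater advisory): a small triage script that classifies HCX Manager version strings against the Response Matrix above. It assumes version strings of the form MAJOR.MINOR.PATCH, optionally followed by a build suffix (as the release notes number them, e.g. "4.10.0"), and an inventory of "hostname,version" lines; how each version string is collected from the appliance is left to the operator. The hostnames and versions in the sample inventory are constructed. Branches the advisory does not list (4.7.x and earlier, or anything newer than 4.10.x) are reported as not covered rather than as safe, because the advisory makes no statement about them and the lifecycle page should be consulted instead.

```python
"""Classify VMware HCX version strings against the VMSA-2024-0021 Response Matrix.

Added example, not code from the advisory. Assumes MAJOR.MINOR.PATCH version
strings with an optional build suffix; the inventory format is an assumption.
"""
import re

# Fixed versions per affected branch, taken from the advisory's Response Matrix.
FIXED_VERSIONS = {
    (4, 10): (4, 10, 1),
    (4, 9): (4, 9, 2),
    (4, 8): (4, 8, 3),
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch); any trailing build component is ignored."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError("unrecognised HCX version string: %r" % text)
    return tuple(int(part) for part in m.groups())


def assess(version_text):
    """Classify one version as 'affected', 'fixed' or 'not-in-matrix'.

    'not-in-matrix' means the advisory lists no fixed version for this
    branch; it is a prompt to check the lifecycle page, not a clean bill.
    """
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "not-in-matrix"
    return "fixed" if (major, minor, patch) >= fixed else "affected"


def triage_inventory(lines):
    """Parse 'hostname,version' lines and return {hostname: status}.

    Malformed version strings are reported as 'unparseable' instead of being
    skipped, so a bad inventory entry cannot silently hide an unpatched host.
    """
    report = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        try:
            report[host.strip()] = assess(version)
        except ValueError:
            report[host.strip()] = "unparseable"
    return report


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """\
# hostname,hcx_version
hcx-mgr-dc1.example.internal,4.10.0
hcx-mgr-dc2.example.internal,4.10.1
hcx-mgr-dr.example.internal,4.8.2.12345
hcx-mgr-lab.example.internal,4.7.3
hcx-mgr-old.example.internal,unknown
""".splitlines()


if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print("%-32s %s" % (host, status))
```

Comparing only the first three components matches how the Response Matrix is written (4.8.x fixed in 4.8.3, and so on); if a build suffix matters for a given patch line, extend the tuple rather than string-comparing, since "4.10.10" sorts before "4.10.2" as text.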