- A VMware bug that grants Remote Code Execution abilities is being exploited in the wild
- The bug was first spotted in September 2024, but the patch did not solve the problem
- A second patch was released, and users are urged to apply now
Broadcom is warning two vulnerabilities plaguing its VMware vCenter Server product are being exploited in the wild by hackers.
Patches are available, and users are urged to apply them immediately, since there is no workaround. Furthermore, the vulnerabilities can be used to cause quite the damage to compromised networks.
In mid-September 2024, VMware released a security advisory, claiming to have patched two flaws in vCenter Server that could have granted threat actors remote code execution (RCE) abilities.
Confirmed exploitation
These flaws were tracked as CVE-2024-38812 and CVE-2024-38813.
The former affects vCenter 7.0.3, 8.9.2, and 8.0.3, as well as all versions of vSphere or VMware Cloud Foundation prior to the ones listed above. It was given a severity score of 9.8 (critical) since it can be exploited without user interaction, and since it grants RCE capabilities to a threat actor sending a custom-built network packet. The latter, on the other hand, is a 7.5-severity flaw, granting root privilege escalation.
Both vulnerabilities were first discovered by Team TZL at Tsinghua University, during the Matrix Cup Cyber Security Competition, held in China earlier this year.
However, it was soon announced that the patches did not properly work, since Broadcom issued a second patch in late October 2024. At that time, despite the bug being present for months, and having been patched twice, there was still no evidence of abuse in the wild.
However, that time has now come.
“Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813,” Broadcom said earlier this week.
Unfortunately, at this time, we don’t know who is abusing these vulnerabilities, or against whom. However, BleepingComputer reminds that threat actors, including ransomware gangs and state-sponsored threat actors, often target VMware vCenter bugs.
Via BleepingComputer
Leave a comment