VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Last updated: 18 November 2024 | Issued: 17 September 2024 | Status: OPEN | Severity: CRITICAL | CVSSv3 range: 7.5-9.8 | CVE-2024-38812, CVE-2024-38813
Advisory ID: VMSA-2024-0019.3
Severity: Critical
CVSSv3 Range: 7.5-9.8
Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Issue date: 2024-09-17
Updated on: 2024-10-21
CVE(s): CVE-2024-38812, CVE-2024-38813
1. Impacted Products
- VMware vCenter Server
- VMware Cloud Foundation
2. Introduction
IMPORTANT: VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812. All customers are strongly encouraged to apply the patches currently listed in the Response Matrix. Additionally, patches for the 8.0 U2 line are also available.
A heap-overflow vulnerability and a privilege escalation vulnerability in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
3a. VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812)
Description:
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Resolution:
To remediate CVE-2024-38812 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
In-product workarounds were investigated, but were determined to not be viable.
Additional Documentation:
A supplemental FAQ was created for additional clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna
Acknowledgments:
VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us.
Notes:
[1] VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not completely address CVE-2024-38812. The patches listed in the Response Matrix below are updated versions that contain additional fixes to fully address CVE-2024-38812.
- VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812.
3b. VMware vCenter privilege escalation vulnerability (CVE-2024-38813)
Description:
The vCenter Server contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Resolution:
To remediate CVE-2024-38813 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
None.
Additional Documentation:
A supplemental FAQ was created for additional clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna
Acknowledgments:
VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us.
Notes:
- VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38813.
Response Matrix: 3a & 3b
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
VMware vCenter Server | 8.0 | Any | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | 8.0 U3d [1] | None | FAQ
VMware vCenter Server | 8.0 | Any | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | 8.0 U2e | None | FAQ
VMware vCenter Server | 7.0 | Any | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | 7.0 U3t [1] | None | FAQ
VMware Cloud Foundation | 5.x | Any | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | Async patch to 8.0 U3d [1] | None | Async Patching Guide: KB88287
VMware Cloud Foundation | 5.1.x | Any | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | Async patch to 8.0 U2e | None | Async Patching Guide: KB88287
VMware Cloud Foundation | 4.x | Any | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | Async patch to 7.0 U3t [1] | None | Async Patching Guide: KB88287
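As an added example (not part of the advisory or of any VMware tooling), a Python helper that compares vCenter release labels in the form used by the Response Matrix (e.g. "8.0 U3c") against the Fixed Version column, so an inventory of vCenter instances can be triaged, including the case of the 2024-09-17 patch that note [1] says is not a full fix. It assumes that labels follow the "MAJOR.MINOR Un[letter]" style and that a later patch letter supersedes an earlier one; the hostnames in the sample inventory are constructed.

```python
import re

# Fixed Version column of the VMSA-2024-0019.3 Response Matrix, keyed by
# (release line, update number). Note [1]: the 8.0 U3 and 7.0 U3 entries
# supersede the 2024-09-17 patches, which did not fully fix CVE-2024-38812.
FIXED_VERSIONS = {("8.0", 3): "8.0 U3d", ("8.0", 2): "8.0 U2e", ("7.0", 3): "7.0 U3t"}
COVERED_LINES = {line for line, _ in FIXED_VERSIONS}
# Assumption: version labels follow the "MAJOR.MINOR Un[letter]" style of the matrix.
_VERSION_RE = re.compile(r"^(\d+\.\d+)\s+U(\d+)([a-z]?)$")

def parse_version(label):
    """Parse '8.0 U3c' into (line, update, patch); patch letter ranks '' < 'a' < 'b'; None if malformed."""
    m = _VERSION_RE.match(label.strip())
    if not m:
        return None
    line, update, letter = m.groups()
    return line, int(update), (ord(letter) - ord("a") + 1 if letter else 0)

def assess(label):
    """Return (status, action) for one label; status is 'fixed', 'vulnerable' or 'unknown'."""
    parsed = parse_version(label)
    if parsed is None:
        return "unknown", f"unrecognised version label {label!r}; check manually"
    line, update, patch = parsed
    if line not in COVERED_LINES:
        return "unknown", f"{label}: release line not covered by this advisory"
    fixed = FIXED_VERSIONS.get((line, update))
    if fixed is None:  # e.g. 8.0 U1: the advisory lists no fixed release in that line
        return "vulnerable", f"{label}: no fixed release in this line; move to a line in the matrix"
    if patch >= parse_version(fixed)[2]:
        return "fixed", f"{label} is at or above {fixed}"
    return "vulnerable", f"{label} is below {fixed}; apply {fixed}"

def triage(inventory):
    """Assess (hostname, version) pairs; vulnerable hosts sort first."""
    order = {"vulnerable": 0, "unknown": 1, "fixed": 2}
    rows = [(host, *assess(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: order[r[1]])

# Constructed sample inventory (placeholder hostnames, not real systems).
SAMPLE_INVENTORY = [
    ("vcsa-prod-01", "8.0 U3b"),  # the 2024-09-17 patch: not a full fix, see note [1]
    ("vcsa-prod-02", "8.0 U3d"),
    ("vcsa-lab-01", "8.0 U2d"),
    ("vcsa-legacy-01", "7.0 U3t"),
    ("vcsa-old-01", "8.0 U1c"),
]
for host, status, action in triage(SAMPLE_INVENTORY):
    print(f"{host:15} {status:10} {action}")
```

Build numbers are not listed in the advisory, so the helper works from release labels only; confirm the installed build against the release notes linked in section 4 before closing a finding.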
4. References:
Fixed Version(s) and Release Notes:
VMware vCenter Server 8.0 U3d
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5574
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u3d-release-notes/index.html
VMware vCenter Server 8.0 U2e
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5531
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u2e-release-notes/index.html
VMware vCenter Server 7.0 U3t
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5580
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3t-release-notes/index.html
KB Articles:
Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38813
FIRST CVSSv3 Calculator:
CVE-2024-38812: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-38813: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log:
2024-09-17 VMSA-2024-0019
Initial security advisory.
2024-09-20 VMSA-2024-0019.1
vCenter Server 8.0 U3b updates mentioned in the response matrix may introduce a functional issue. Please review KB377734 for more information.
2024-10-21 VMSA-2024-0019.2
Updated Response Matrix with latest vCenter patches released on 2024-10-21 that fully address CVE-2024-38812.
2024-11-18 VMSA-2024-0019.3
Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.
6. Contact:
E-mail: [email protected]
PGP key
https://knowledge.broadcom.com/external/article/321551
VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories
VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response
VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle
VMware Security Blog
https://blogs.vmware.com/security
X
https://x.com/VMwareSRC
Copyright 2024 Broadcom All rights reserved.