VMSA-2024-0012:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)
18 June 2024
Advisory ID: VMSA-2024-0012
Severity: Critical
CVSSv3 Range: 7.8-9.8
Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)
Issue date: 2024-06-17
Updated on: 2024-06-17 (Initial Advisory)
CVE(s): CVE-2024-37079, CVE-2024-37080, CVE-2024-37081
1. Impacted Products
- VMware vCenter Server
- VMware Cloud Foundation
2. Introduction
Multiple heap-overflow and privilege escalation vulnerabilities in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
3a. VMware vCenter Server multiple heap-overflow vulnerabilities (CVE-2024-37079, CVE-2024-37080)
Description:
The vCenter Server contains multiple heap-overflow vulnerabilities in the implementation of the DCERPC protocol. VMware has evaluated the severity of these issues to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution.
Resolution:
To remediate CVE-2024-37079 and CVE-2024-37080, apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
In-product workarounds were investigated, but were determined to not be viable.
Additional Documentation:
A supplemental FAQ was created for additional clarification. Please see: https://core.vmware.com/resource/vmsa-2024-0012-questions-answers
Acknowledgments:
VMware would like to thank Hao Zheng (@zhz) and Zibo Li (@zbleet) from TianGong Team of Legendsec at Qi'anxin Group for reporting these issues to us.
Notes:
None.
3b. VMware vCenter multiple local privilege escalation vulnerabilities (CVE-2024-37081)
Description:
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors:
An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Resolution:
To remediate CVE-2024-37081, apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgments:
VMware would like to thank Matei "Mal" Badanoiu @ Deloitte Romania for reporting these issues to us.
Notes:
None.
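The advisory does not say which sudo rules on the appliance were misconfigured, so what follows is an added, generic example rather than VMware's code or the actual vulnerable configuration: a small sudoers auditor that flags the rule patterns a pentester looks for when a non-administrative account can reach root (blanket ALL, NOPASSWD, commands with known shell escapes, wildcard arguments, and a global !authenticate). The sudoers text is constructed for the example, and the SHELL_ESCAPES set is an assumption to extend per environment.

```python
import os
import re
from dataclasses import dataclass

# Programs that drop to a shell or write arbitrary files once running as root.
# Assumed starting list for this example; extend it for your environment.
SHELL_ESCAPES = {
    "sh", "bash", "dash", "env", "vi", "vim", "nano", "less", "more",
    "find", "awk", "perl", "python", "python3", "tcpdump", "tar", "rsync",
}

# user_or_%group  HOST=(runas[:group]) [TAG:] command [, command ...]
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<rest>.+)$"
)
TAG_RE = re.compile(
    r"^(?P<tag>NOPASSWD|PASSWD|SETENV|NOSETENV|EXEC|NOEXEC|LOG_INPUT|"
    r"NOLOG_INPUT|LOG_OUTPUT|NOLOG_OUTPUT|MAIL|NOMAIL|FOLLOW|NOFOLLOW):\s*"
)


@dataclass
class Finding:
    who: str
    rule: str
    reasons: list


def _split_commands(rest):
    """Yield (tags, command) for each command in a rule; tags persist until changed."""
    tags = set()
    for chunk in rest.split(","):
        chunk = chunk.strip()
        while (m := TAG_RE.match(chunk)):
            tags.add(m.group("tag"))
            chunk = chunk[m.end():]
        yield frozenset(tags), chunk


def audit_rule(line):
    """Audit one sudoers rule; return a Finding if it can lead to uid 0, else None."""
    m = RULE_RE.match(line)
    if not m:
        return None
    who, runas, rest = m.group("who"), m.group("runas"), m.group("rest")
    if who == "root":
        return None                                    # root gains nothing from sudo
    # No (runas) means root; ALL includes root. Only the user part matters here.
    runas_users = {u.strip() for u in (runas or "root").split(":")[0].split(",")}
    if not runas_users & {"root", "ALL"}:
        return None                                    # rule cannot reach root
    reasons = []
    for tags, cmd in _split_commands(rest):
        if not cmd or cmd.startswith("!"):
            continue                                   # negated entries are not audited here
        words = cmd.split()
        prog = words[0]
        if prog == "ALL":
            reasons.append("ALL commands as root")
        elif os.path.basename(prog) in SHELL_ESCAPES:
            reasons.append(f"shell escape via {prog}")
        if any(ch in w for w in words[1:] for ch in "*?["):
            reasons.append(f"wildcard argument in '{cmd}'")
        if "NOPASSWD" in tags:
            reasons.append(f"no password required for '{cmd}'")
    return Finding(who, line, list(dict.fromkeys(reasons))) if reasons else None


def audit_sudoers(text):
    """Return Findings for every rule in a sudoers file that can yield root."""
    findings = []
    for raw in text.replace("\\\n", " ").splitlines():   # join continuation lines
        line = raw.split("#", 1)[0].strip()              # drop comments / #include lines
        if not line:
            continue
        if line.startswith("Defaults"):
            if "!authenticate" in line:
                findings.append(Finding("Defaults", line,
                                        ["!authenticate disables password checks globally"]))
            continue
        finding = audit_rule(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample for this example; not taken from any appliance.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
svcacct ALL=(root) NOPASSWD: /usr/bin/vim /etc/app/app.conf
backup  ALL=(root) NOPASSWD: /usr/bin/rsync -a /var/data/* /backup/
monitor ALL=(root) NOPASSWD: /usr/bin/systemctl status app
webapp  ALL=(www-data) NOPASSWD: /usr/bin/touch /tmp/reload
deploy  ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{f.who}: {f.rule}")
        for r in f.reasons:
            print(f"    - {r}")
```

On a real appliance the input would be /etc/sudoers plus the files under /etc/sudoers.d, or the output of `sudo -l` for the account under test; the webapp rule is skipped because it only reaches www-data, while the monitor rule is reported for NOPASSWD alone so that the reviewer can decide whether that is acceptable.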
Response Matrix:
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ
vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ
vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ
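The matrix branches in a way that is easy to misread: 8.0 U1e fixes only the two heap overflows, so a vCenter on the 8.0 U1 line still needs 8.0 U2d to close CVE-2024-37081, and a later 8.0 U2 patch is not implied to contain U1e's fixes. The following is an added Python helper, not VMware's code, that encodes the matrix above and reports each CVE as fixed, vulnerable or not covered for a release name written the way the matrix writes it. Update lines above or below the ones listed (for example 8.0 U3 or 6.7) are deliberately reported as not covered; mapping an appliance build number to one of these release names is not something this page provides, so the release name is assumed as input.

```python
import re

CVES = ("CVE-2024-37079", "CVE-2024-37080", "CVE-2024-37081")

# Fixed releases from the Response Matrix:
# (version line, update line, fixed release, CVEs fixed in that release).
# 8.0 U1e does NOT fix CVE-2024-37081; only the 8.0 U2 line carries that fix.
FIXED_RELEASES = [
    ("8.0", 2, "8.0 U2d", frozenset(CVES)),
    ("8.0", 1, "8.0 U1e", frozenset({"CVE-2024-37079", "CVE-2024-37080"})),
    ("7.0", 3, "7.0 U3r", frozenset(CVES)),
]

FIXED, VULNERABLE, NOT_COVERED = "fixed", "vulnerable", "not covered by VMSA-2024-0012"

# "8.0 U2d", "8.0 U2", "8.0" (GA); case-insensitive, optional whitespace.
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+)\s*(?:U(\d+)([a-z])?)?\s*$", re.IGNORECASE)


def parse_release(name):
    """'8.0 U2d' -> ('8.0', 2, 4); '8.0 U2' -> ('8.0', 2, 0); '8.0' -> ('8.0', 0, 0)."""
    m = _VERSION_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised vCenter release name: {name!r}")
    line, update, patch = m.group(1), m.group(2), m.group(3)
    patch_index = ord(patch.lower()) - ord("a") + 1 if patch else 0
    return line, int(update or 0), patch_index


def assess(running):
    """Map each CVE in the advisory to fixed / vulnerable / not covered for one release."""
    line, update, patch = parse_release(running)
    on_line = [r for r in FIXED_RELEASES if r[0] == line]
    if not on_line:
        return {cve: NOT_COVERED for cve in CVES}        # version line not in this advisory
    updates = [r[1] for r in on_line]
    if update < min(updates):
        return {cve: VULNERABLE for cve in CVES}         # predates every listed fix; change lines
    if update > max(updates):
        return {cve: NOT_COVERED for cve in CVES}        # later update line; read its own notes
    match = next((r for r in on_line if r[1] == update), None)
    if match is None:
        return {cve: NOT_COVERED for cve in CVES}
    _, _, fixed_name, fixed_cves = match
    _, _, fixed_patch = parse_release(fixed_name)
    patched = patch >= fixed_patch                        # same update line, later or equal patch
    return {cve: (FIXED if patched and cve in fixed_cves else VULNERABLE) for cve in CVES}


def report(running):
    """One line per CVE, suitable for a ticket or a quick console check."""
    return [f"{running}: {cve} -> {status}" for cve, status in assess(running).items()]


if __name__ == "__main__":
    for name in ("8.0 U2c", "8.0 U2d", "8.0 U1e", "7.0 U3q", "8.0", "8.0 U3"):
        print("\n".join(report(name)))
```

The comparison is made only within the same update line on purpose: a newer update number does not prove the fix is present unless the release notes for that line say so, which is why 8.0 U3 comes back as not covered rather than fixed.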
Impacted Product Suites that Deploy Response Matrix 3a and 3b Components:
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ
Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ
4. References:
Fixed Version(s) and Release Notes:
VMware vCenter Server 8.0 U2d
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5418
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u2d-release-notes/index.html
VMware vCenter Server 8.0 U1e
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5419
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u1e-release-notes/index.html
VMware vCenter Server 7.0 U3r
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5417
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3r-release-notes/index.html
KB Articles:
Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37081
FIRST CVSSv3 Calculator:
CVE-2024-37079: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-37080: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-37081: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log:
2024-06-17 VMSA-2024-0012
Initial security advisory.
6. Contact:
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2024 Broadcom All rights reserved.