VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)

VMware Cloud Foundation

1 more products

24968

20 September 2024

17 September 2024

OPEN

CRITICAL

7.5-9.8

CVE-2024-38812, CVE-2024-38813

 

Advisory ID:  VMSA-2024-0019.1
Severity: Critical
CVSSv3 Range: 7.5-9.8
Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Issue date: 2024-09-17
Updated on: 2024-09-20 
CVE(s) CVE-2024-38812, CVE-2024-38813

 

1. Impacted Products

  • VMware vCenter Server
  • VMware Cloud Foundation

2. Introduction

A heap-overflow vulnerability and a privilege escalation vulnerability in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3a. VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812

Description:
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Resolution:
To remediate CVE-2024-38812 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
In-product workarounds were investigated, but were determined to not be viable.

Additional Documentation:
A supplemental FAQ was created for additional clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna

Acknowledgments:
VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us.

Notes:
None.

3b. VMware vCenter privilege escalation vulnerability (CVE-2024-38813) 

Description:
The vCenter Server contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors:
A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Resolution:
To remediate CVE-2024-38813 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
A supplemental FAQ was created for additional clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna

Acknowledgments:
VMware would like to thank zbl & srs of team TZL working with the 2024 Matrix Cup contest for reporting this issue to us.

Notes:
 [1] Broadcom has determined that vCenter Server 8.0 U3b updates mentioned in the response matrix may introduce a functional issue. Please review KB377734 for more information.

Response Matrix:  3a & 3b

VMware Product Version Running On CVE CVSSv3 Severity Fixed Version Workarounds Additional Documentation
vCenter Server  8.0 Any CVE-2024-38812, CVE-2024-38813 9.87.5 Critical 8.0 U3b [1] None FAQ
vCenter Server   7.0 Any CVE-2024-38812, CVE-2024-38813 9.87.5 Critical 7.0 U3s None FAQ
VMware Cloud Foundation 5.x Any CVE-2024-38812, CVE-2024-38813 9.87.5 Critical Async patch to 8.0 U3b [1] None Async Patching Guide: KB88287
VMware Cloud Foundation 4.x Any CVE-2024-38812, CVE-2024-38813 9.87.5 Critical Async patch to 7.0 U3s None Async Patching Guide: KB88287

 

4. References:

Fixed Version(s) and Release Notes:

VMware vCenter Server 8.0 U3b
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5515
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u3b-release-notes/index.html

VMware vCenter Server 7.0 U3s
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5513
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3s-release-notes/index.html

KB Articles:
Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38813

FIRST CVSSv3 Calculator: 
CVE-2024-38812: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-38813: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log:

2024-09-17 VMSA-2024-0019
Initial security advisory.

2024-09-20 VMSA-2024-0019.1
vCenter Server 8.0 U3b updates mentioned in the response matrix may introduce a functional issue. Please review KB377734 for more information.

6. Contact:

E-mail: [email protected]

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2024 Broadcom All rights reserved.