VMware has issued a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a key component of VMware vSphere and VMware Cloud Foundation products. If exploited, these vulnerabilities could allow attackers to execute remote code on affected systems.
Key Vulnerabilities
The advisory highlights several critical vulnerabilities, including heap overflow and local privilege escalation issues. The most severe of these vulnerabilities have been assigned the following CVE identifiers:
- CVE-2024-37079
- CVE-2024-37080
- CVE-2024-37081
Heap-Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
These vulnerabilities exist due to issues in the implementation of the DCERPC protocol within the vCenter Server. They have been rated with a maximum CVSSv3 base score of 9.8, indicating critical severity. An attacker with network access to the vCenter Server can exploit these vulnerabilities by sending specially crafted network packets, potentially leading to remote code execution.
Patch: VMware has released patches to address these vulnerabilities. Users are advised to apply the updates listed in the ‘Fixed Version’ column of the response matrix below.
Local Privilege Escalation Vulnerability (CVE-2024-37081)
This vulnerability stems from a misconfiguration of sudo in vCenter Server, allowing an authenticated local user with non-administrative privileges to elevate their privileges to root. It has a CVSSv3 base score of 7.8, categorized as important. An authenticated local user can exploit this vulnerability to gain root access on the vCenter Server Appliance.
Patch: Patches have been released to remediate this issue. Users should apply the updates listed in the response matrix.
Response Matrix
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
| vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |
Impacted Product Suites
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
Organizations using VMware vCenter Server are urged to apply the necessary patches immediately to mitigate these critical vulnerabilities.
How to Verify Patches
Organizations can verify that patches have been successfully applied to vCenter Server by following these steps:
Access the Appliance Shell:
- Log in to the vCenter Server Appliance shell as a user with super administrator privileges, typically the root user.
List Installed Patches:
- Use the software-packages utility to view the list of installed patches. Run the following command to see all patches currently applied:
bash software-packages list - To view the patches in chronological order, use:
bash software-packages list --history - This command provides a detailed list of all patches applied, including the installation date and other relevant details.
Check Specific Patch Details:
- If you need to verify details about a specific patch, use the following command:
bash software-packages list --patch <patch_name> - Replace
<patch_name>with the actual name of the patch you want to check. For example:bash software-packages list --patch VMware-vCenter-Server-Appliance-Patch1 - This command will display comprehensive details about the specified patch, such as the vendor, description, and installation date.
Use the vCenter Server Management Interface (VAMI):
- Log in to the VAMI at
https://<vcenter-hostname-or-IP>:5480using the root account. - Navigate to the “Update” section. In the “Current version details” pane, you can view the vCenter Server version and build number.
- The “Available Updates” pane will show the status of updates, including whether they have been installed successfully.
Verify System Functionality:
- After applying patches, ensure that the vCenter Server Appliance is functioning correctly. Check critical services and perform routine operations to confirm that the system is stable and operating as expected.
Found this news interesting? Follow us on Twitter and Telegram to read more exclusive content we post.
