Critical VMware vCenter Server Vulnerabilities Patched


Broadcom has issued security fixes for VMware vCenter Server products to address several vulnerabilities of critical and high severity. The fixes, released today, address the vulnerabilities identified as CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081.

The update fixes two heap overflow vulnerabilities, tracked as CVE-2024-37079 and CVE-2024-37080, which have been assigned a critical CVSS rating of 9.8 out of 10. Both flaws stem from issues in the implementation of the DCE/RPC protocol used by vCenter Server.

What’s the Risk?

The newly discovered vulnerabilities in VMware vCenter are considered serious security risks, as successful exploitation could allow remote attackers to execute malicious code on affected vCenter Server systems. Given vCenter's central management role, an attacker gaining that level of control poses a severe risk to the entire virtual infrastructure.

Affected Versions

The security vulnerabilities recently addressed by Broadcom impact several versions of VMware vCenter Server, including:

vCenter Server 7.0
vCenter Server 8.0
Cloud Foundation (vCenter Server) versions 4.x and 5.x

The updated versions patching these flaws are vCenter Server 7.0 U3r, 8.0 U1e, and 8.0 U2d, as well as the Cloud Foundation 4.x and 5.x releases that incorporate vCenter Server.
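As an added example (not code from the article or from Broadcom), the following Python check parses a vCenter Server version label and compares it against the fixed releases named above, so an inventory list can be triaged quickly; the ordering assumptions and the fact that Cloud Foundation bundles are not modelled are noted in the comments.

```python
import re
from typing import NamedTuple

class VcVersion(NamedTuple):
    major: int
    minor: int
    update: int   # 0 for a GA build with no "Ux"
    letter: str   # "" for the first build of an update, else "a".."z"

# Fixed vCenter Server releases named in the advisory summary above.
# Cloud Foundation bundles are not modelled here.
FIXED_RELEASES = ["vCenter Server 7.0 U3r",
                  "vCenter Server 8.0 U1e",
                  "vCenter Server 8.0 U2d"]

# Accepts "8.0 U2d", "8.0U2d", "8.0 Update 2d" or a bare "8.0".
_LABEL = re.compile(r"(\d+)\.(\d+)(?:\s*U(?:pdate\s*)?(\d+)([a-z])?)?\s*$")

def parse_label(label: str) -> VcVersion:
    """Turn a human-readable vCenter version label into a sortable tuple."""
    m = _LABEL.search(label.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version label: {label!r}")
    major, minor, update, letter = m.groups()
    return VcVersion(int(major), int(minor), int(update or 0), letter or "")

FIXED = [parse_label(r) for r in FIXED_RELEASES]

def patch_status(label: str) -> str:
    """Return 'patched', 'unpatched' or 'unknown' for an installed version label.

    Assumptions (mine, not the advisory's): within one release line the update
    number and the letter suffix sort chronologically, and an update line newer
    than anything the advisory summary names is reported as 'unknown', not guessed.
    """
    v = parse_label(label)
    line = [f for f in FIXED if (f.major, f.minor) == (v.major, v.minor)]
    if not line:
        return "unknown"               # release line not covered above (e.g. 6.7)
    same_update = [f for f in line if f.update == v.update]
    if same_update:
        return "patched" if v.letter >= same_update[0].letter else "unpatched"
    if v.update < min(f.update for f in line):
        return "unpatched"             # older than every fixed update in this line
    return "unknown"                   # newer update line than the summary covers

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("vc-a", "8.0 U2a"), ("vc-b", "7.0 U3r"), ("vc-c", "8.0 U3")]:
        print(f"{host}: {ver} -> {patch_status(ver)}")
```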

Another Privilege Escalation Vulnerability CVE-2024-37081

In addition to the CVE-2024-37079 and CVE-2024-37080 remote code execution bugs, Broadcom's update for vCenter Server also resolves a high-severity privilege escalation vulnerability, CVE-2024-37081 (CVSS 7.8). This flaw stems from a sudo misconfiguration that could allow authenticated local users to gain root privileges on affected VMware vCenter appliances.

Thousands of vCenter Servers Potentially Vulnerable

Shodan, a search engine for Internet-connected devices, reveals over 1,800 VMware vCenter Servers exposed online.

Shodan Query

product:"VMware vCenter Server"

Hunter, another search engine, shows an even higher number, with around 7,300 online VMware vCenter Servers discovered.

Hunter Query

product.name="VMware vCenter Server"

ZoomEye, the cyberspace search engine, also lists over 3,000 servers.

ZoomEye Query

app:"VMware_vCenter"

[Figure: regional distribution of VMware vCenter Servers, per ZoomEye]

FOFA, the Chinese search engine for global cyberspace mapping, finds another 1,700+ servers.

FOFA Query

app="vmware-vCenter"

What Can You Do?

If you have Broadcom VMware vCenter appliances in your IT infrastructure, make it a top priority to apply the latest VMware security updates as soon as possible. Leaving vCenter Servers unpatched opens the door to critical security incidents.

June Bauer

Pop cultureaholic, Technology expert, Web fanatic and a Social media geek. If you have any questions or comments please feel free to email her at june@thecoinspost.com or contact her on X @JuneTBauer1
