{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-100.pdf"
    },
    "title": "Critical RCE Vulnerability in VMware vCenter Server",
    "serial_number": "2024-100",
    "publish_date": "22-10-2024 08:43:21",
    "description": "On September 17, 2024, Broadcom released a fix for a critical vulnerability tracked as CVE-2024-38812 in VMware vCenter Server, enabling remote code execution (RCE) via a specially crafted network packet. Following this, on October 21, 2024, Broadcom updated their advisory with additional information about another related vulnerability tracked as CVE-2024-38813.",
    "url_title": "2024-100",
    "content_markdown": "---\ntitle: 'Critical RCE Vulnerability in VMware vCenter Server'\nnumber: '2024-100'\nversion: '1.1'\noriginal_date: 'September 17, 2024'\ndate: 'October 22, 2024'\n---\n\n_History:_\n\n* _18/09/2024 --- v1.0 -- Initial publication_\n* _22/10/2024 --- v1.1 -- Update about an incomplete patch_\n\n\n# Summary\n\nOn September 17, 2024, Broadcom released a fix for a critical vulnerability tracked as **CVE-2024-38812** in VMware vCenter Server, enabling remote code execution (RCE) via a specially crafted network packet [1]. Following this, on October 21, 2024, Broadcom updated their advisory [2] with additional information about another related vulnerability tracked as **CVE-2024-38813**.\n\n# Technical Details\n\n- The critical vulnerability **CVE-2024-38812** is caused by a heap overflow in vCenter Server's DCE/RPC protocol implementation. This allows an unauthenticated attacker to remotely execute arbitrary code without user interaction.\n\n- Another high-severity vulnerability, **CVE-2024-38813**, enables privilege escalation to root via specially crafted network packets.\n\n# Affected Products\n\nThe following products are affected:\n\n- VMware vCenter Server 7.0 (fixed in 7.0 U3s) and 8.0 (fixed in 8.0 U3b)\n- VMware Cloud Foundation 4.x (fixed in async patch to 7.0 U3s) and 5.x (fixed in async patch to 8.0 U3b)\n\n# Recommendations\n\nCERT-EU recommends applying the available patches via the VMware Security Advisory [2].\n\nThe vCenter patches released on September 17, 2024 did not completely address CVE-2024-38812. The patches listed in [2] are updated versions that contain additional fixes to fully address CVE-2024-38812.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/>\n\n[2] <https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968>",
    "content_html": "<p><em>History:</em></p><ul><li><em>18/09/2024 --- v1.0 -- Initial publication</em></li><li><em>22/10/2024 --- v1.1 -- Update about an incomplete patch</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 17, 2024, Broadcom released a fix for a critical vulnerability tracked as <strong>CVE-2024-38812</strong> in VMware vCenter Server, enabling remote code execution (RCE) via a specially crafted network packet [1]. Following this, on October 21, 2024, Broadcom updated their advisory [2] with additional information about another related vulnerability tracked as <strong>CVE-2024-38813</strong>.</p><h2 id=\"technical-details\">Technical Details</h2><ul><li><p>The critical vulnerability <strong>CVE-2024-38812</strong> is caused by a heap overflow in vCenter Server's DCE/RPC protocol implementation. This allows an unauthenticated attacker to remotely execute arbitrary code without user interaction.</p></li><li><p>Another high-severity vulnerability, <strong>CVE-2024-38813</strong>, enables privilege escalation to root via specially crafted network packets.</p></li></ul><h2 id=\"affected-products\">Affected Products</h2><p>The following products are affected:</p><ul><li>VMware vCenter Server 7.0 (fixed in 7.0 U3s) and 8.0 (fixed in 8.0 U3b)</li><li>VMware Cloud Foundation 4.x (fixed in async patch to 7.0 U3s) and 5.x (fixed in async patch to 8.0 U3b)</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying the available patches via the VMware Security Advisory [2].</p><p>The vCenter patches released on September 17, 2024 did not completely address CVE-2024-38812. The patches listed in [2] are updated versions that contain additional fixes to fully address CVE-2024-38812.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/\">https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968\">https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}