Urgent: Critical Vulnerabilities Found in VMware vCenter Server 


CVE-2024-37079, CVE-2024-37080, CVE-2024-37081

VMware has released critical security patches to address vulnerabilities impacting Cloud Foundation, vCenter Server, and vSphere ESXi. These vulnerabilities could be exploited by attackers to gain unauthorized access and control over your virtual environment.

Understanding the Threats

  • Remote Code Execution (RCE): Two vulnerabilities (CVE-2024-37079 & CVE-2024-37080), both with a maximum CVSS score of 9.8 (indicating severe risk), reside in the implementation of the DCE/RPC protocol used by vCenter Server. An attacker with network access could exploit these vulnerabilities by sending a specially crafted packet, potentially allowing them to execute malicious code directly on the server and gain complete control of your virtual machines.
  • Local Privilege Escalation: A separate vulnerability (CVE-2024-37081) with a CVSS score of 7.8 allows an authenticated local user with low privileges to escalate their access to full administrative control due to misconfiguration of sudo within vCenter Server.

Previous DCE/RPC Vulnerability Patched

This isn’t the first time VMware has addressed DCE/RPC protocol flaws. In October 2023, another critical RCE vulnerability (CVE-2023-34048) was patched.

Vulnerable Systems and Patch Availability

These vulnerabilities affect vCenter Server versions 7.0 and 8.0. Fortunately, VMware has released patches for these versions (7.0 U3r, 8.0 U1e, and 8.0 U2d) to address the identified security holes.

Taking Action and Maintaining Security

While there are no known current exploits targeting these vulnerabilities, it’s crucial to patch your systems immediately due to their severity. Here’s what you need to do:

  1. Identify Vulnerable Systems: Check your vCenter Server version.
  2. Patch Immediately: Download and apply the security patches from VMware’s official resources for the appropriate vCenter Server version.
  3. Consider Upgrading Unsupported vSphere: If you’re using unsupported versions of vSphere (6.5 & 6.7), consider upgrading to a supported version to benefit from ongoing security updates.
  4. Mitigate Local Privilege Escalation: Implement strong access controls to minimize the risk of exploiting CVE-2024-37081. Enforce the principle of least privilege and regularly review user permissions.
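Steps 1 and 2 as an added example (not from VMware or the original post): a Python triage of vCenter release labels against the fixed releases this page lists. The inventory and hostnames are constructed; treating patch letters as alphabetically ordered within an update line, and sending anything newer than the listed lines to a manual check against the advisory, are assumptions.

```python
import re

# Fixed releases exactly as listed on this page: (branch, update) -> patch letter.
FIXED = {("7.0", 3): "r", ("8.0", 1): "e", ("8.0", 2): "d"}
UNSUPPORTED = {"6.5", "6.7"}  # called out on this page as unsupported vSphere
LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def classify(label):
    """Return a triage status for a release label such as '8.0 U1c'."""
    m = LABEL.match(label)
    if not m:
        return "unparsed"
    branch = m.group(1)
    update = int(m.group(2) or 0)          # '8.0' with no update means GA
    patch = (m.group(3) or "").lower()     # '' sorts before every letter
    if branch in UNSUPPORTED:
        return "unsupported"
    lines = [u for (b, u) in FIXED if b == branch]
    if not lines:
        return "check-advisory"            # branch not covered by this page
    if (branch, update) in FIXED:
        # Assumption: patch letters within one update line sort alphabetically.
        return "patched" if patch >= FIXED[(branch, update)] else "vulnerable"
    if update < max(lines):
        return "vulnerable"                # older update line, no fix listed for it
    return "check-advisory"                # newer line than any the page lists


def triage(inventory):
    """Group hostnames by status, worst first for the patch queue."""
    order = ["vulnerable", "unsupported", "unparsed", "check-advisory", "patched"]
    grouped = {status: [] for status in order}
    for host, label in inventory:
        grouped[classify(label)].append(host)
    return grouped


# Constructed inventory; hostnames and labels are sample data.
INVENTORY = [
    ("vc-prod.example.internal", "8.0 U2d"),
    ("vc-dr.example.internal", "8.0 U1c"),
    ("vc-lab.example.internal", "7.0 U3q"),
    ("vc-legacy.example.internal", "6.7 U3"),
    ("vc-new.example.internal", "8.0 U3"),
    ("vc-odd.example.internal", "build unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:15} {', '.join(hosts) or '-'}")
```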

Proactive Security is Key

Patching is essential, but a proactive security posture is critical for long-term protection. Here are some best practices to consider:

  • Regular Security Audits: Conduct regular security assessments to identify and address vulnerabilities before attackers exploit them.
  • Network Segmentation: Segment your network to minimize the potential impact of a breach.
  • Strong Password Policies: Enforce strong password policies and implement multi-factor authentication (MFA) for added security.
  • Keep Software Updated: Keep all software, including vCenter Server and the guest operating systems inside your virtual machines, up to date with the latest security patches.

Securing Your Multi-Cloud Environment with CloudWize

Remember, vulnerabilities can emerge across your entire cloud environment, not just within VMware. For maximum cloud security and compliance across VMware, AWS, GCP, and Azure, consider CloudWize, the leading cloud security center of excellence. CloudWize offers a comprehensive suite of security abilities that provide continuous threat detection, automated remediation, and in-depth security posture analysis across your entire multi-cloud landscape.

By following these steps and leveraging CloudWize’s advanced security solution, you can significantly reduce the risk of attackers exploiting vulnerabilities and compromising your virtual and cloud environments.


Read Broadcom’s official announcement here.
