The following report is intended to notify you of suspicious activity that has been observed and/or detected by our SOC specialists, in order to prevent a security incident.
VMware vCenter Server Updates
Multiple stack overflow and privilege escalation vulnerabilities have been discovered in VMware vCenter Server updates.
A malicious actor with network access to vCenter Server can trigger these vulnerabilities by sending a specially crafted network packet, which could lead to remote code execution and takeover of the system.
| Threat | Vulnerability | Affected products |
| --- | --- | --- |
| Stack Overflow and Privilege Escalation Vulnerabilities in VMware vCenter Server Upgrades. | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | VMware vCenter Server, VMware Cloud Foundation |
Table 1. Threat Details
CVE-2024-37079: Stack overflow vulnerability in VMware vCenter Server. It allows an unauthenticated remote attacker to execute arbitrary code on the affected server and compromise the integrity and availability of the system.
CVE-2024-37080: Privilege escalation vulnerability in VMware vCenter Server. An attacker with local access can increase their administrative privileges and perform unauthorized operations on the system, taking control of it.
CVE-2024-37081: Privilege escalation vulnerability in VMware vCenter Server. Similar to CVE-2024-37080, it allows an attacker with limited privileges to escalate privileges and execute commands with elevated rights.
References
Fixed versions and release notes.
VMware vCenter Server 8.0 U2d
VMware vCenter Server 8.0 U1e
VMware vCenter Server 7.0 U3r
Recommendations
Patch and implement security updates provided by VMware without delay.
Ensure that different parts of the network are segmented to limit lateral movement of attackers.
Establish a risk-based remediation strategy documented in a remediation process, with monthly or more frequent reviews.
Perform operating system updates on company assets through automated patch management on a monthly or more frequent basis.
Apply the updates listed in the "Fixed Version" column of the "Response Matrix" below to the affected deployments.
Establish a penetration testing program appropriate to the size, complexity and maturity of the company.
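To act on the patching recommendation, the following added example (not part of the original advisory and not VMware code) triages an inventory of vCenter release labels against the three fixed releases listed under References. It assumes letter suffixes within one update line are issued alphabetically; the hostnames and installed releases in the sample are constructed.

```python
import re

# Fixed releases named in this advisory: (version, update line) -> first fixed letter.
FIXED = {("8.0", 2): "d", ("8.0", 1): "e", ("7.0", 3): "r"}

# Accepts "8.0 U2c", "7.0U3q", "VMware vCenter Server 8.0 U1e", or a bare "8.0" (GA).
LABEL = re.compile(
    r"^\s*(?:VMware vCenter Server\s+)?(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.I)


def parse_label(label):
    """Split a release label into (version, update line, letter suffix)."""
    m = LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    return m.group(1), int(m.group(2) or 0), (m.group(3) or "").lower()


def assess(label):
    """Return 'fixed', 'needs_update' or 'not_listed' for one release label."""
    version, update, suffix = parse_label(label)
    listed = [u for (v, u) in FIXED if v == version]
    if not listed:
        return "not_listed"            # version line the advisory does not cover
    if (version, update) in FIXED:
        # Assumption: letters within one update line are issued alphabetically.
        return "fixed" if suffix >= FIXED[(version, update)] else "needs_update"
    if update < min(listed):
        return "needs_update"          # older than every fixed release
    return "not_listed"                # newer update line: confirm with the vendor


def triage(inventory):
    """Map each host to its status; unparseable labels are flagged, not dropped."""
    result = {}
    for host, label in inventory.items():
        try:
            result[host] = assess(label)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hostnames and installed releases are made up).
SAMPLE = {
    "vc-a.example.internal": "8.0 U2c",
    "vc-b.example.internal": "VMware vCenter Server 8.0 U1e",
    "vc-c.example.internal": "7.0 U3q",
    "vc-d.example.internal": "build 12345",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:26} {status}")
```

Hosts reported as `not_listed` or `unparsed` are outside what this advisory states and should be checked against the vendor's release notes rather than assumed safe.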