VMSA-2024-0012: Critical VMware vCenter Server Flaws Allow For RCE

VMware has released a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.

If exploited, these vulnerabilities could allow attackers to remotely execute code on affected systems.

The advisory highlights several critical vulnerabilities, including heap overflow and local privilege escalation issues. The most severe of these vulnerabilities have been assigned CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081.

Heap-Overflow Vulnerabilities (CVE-2024-37079, CVE-2024-37080)
These vulnerabilities exist in the implementation of the DCERPC protocol within vCenter Server. They have been rated with a maximum CVSSv3 base score of 9.8, indicating critical severity.

A malicious actor with network access to the vCenter Server can exploit these vulnerabilities by sending specially crafted network packets, potentially leading to remote code execution.

Patch:

VMware has released patches to address these vulnerabilities. Users are advised to apply the updates listed in the ‘Fixed Version’ column of the response matrix below.

Local Privilege Escalation Vulnerability (CVE-2024-37081)
This vulnerability is due to a misconfiguration of sudo in vCenter Server, which allows an authenticated local user with non-administrative privileges to elevate their privileges to root. It has a CVSSv3 base score of 7.8, categorized as important.

An authenticated local user can exploit this vulnerability to gain root access on the vCenter Server Appliance.

Patch:

Patches have been released to remediate this issue. Users should apply the updates listed in the response matrix.

Source: https://cybersecuritynews.com/multiple-vmware-vcenter-server-flaws/amp/
