Regarding the critical vulnerabilities Remote Code Execution – VMware vCenter (CVE-2024-37079, CVE-2024-37080). vCenter is a product for centralized management of virtual infrastructure on the VMware vSphere platform.
Both vulnerabilities were fixed on June 17. They have the same description and CVSS 9.8.
The vulnerabilities are related to heap overflow in the implementation of the DCERPC protocol. An attacker with network access to vCenter Server sends a specially crafted network packet and potentially triggers RCE.
There is no public exploit or sign of exploitation in the wild yet, however:
🔸 The description of the vulnerabilities is very similar to last year’s actively exploited vCenter RCE (CVE-2023-34048).
🔸 The “screenshot of vSphere Client”, the vCenter interface, has become a kind of meme for attackers, confirming that the organization’s virtual infrastructure has been compromised.
Be sure to update!
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Pingback: Regarding the critical vulnerability Authentication Bypass – Veeam Backup & Replication (CVE-2024-29849) | Alexander V. Leonov
Pingback: Trending vulnerabilities for June according to Positive Technologies | Alexander V. Leonov