VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation

Bug reports made in China

Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely commandeer a system. This also affects Cloud Foundation.

The first flaw, CVE-2024-38812, is a heap overflow vulnerability in the Distributed Computing Environment / Remote Procedure Call (DCE/RPC) implementation that could be exploited over the network to achieve remote code execution on unpatched systems: corrupting the heap could allow an attacker to run arbitrary code on the box. Broadcom rates the fix as critical, and the bug carries a CVSS score of 9.8 out of 10.

The second, CVE-2024-38813, is a privilege escalation flaw that carries a CVSS score of 7.5 and that VMware-owned Broadcom rates as important. Someone with network access to the vulnerable software could exploit it to gain root privileges on the system.

We can imagine a miscreant with network access using CVE-2024-38812 to gain code execution on a box, and then using CVE-2024-38813 to step up to administrative control. The advisory doesn't explicitly outline that chain, though Broadcom did pair the two flaws together in today's advisory and its accompanying FAQ.

Versions 7 and 8 of vCenter Server and versions 4 and 5 of VMware Cloud Foundation are at risk and Broadcom warns there is no practical workaround for these bugs. In other words, get patching.

The blunders are addressed in vCenter Server versions 8.0 U3b and 7.0 U3s, and Cloud Foundation with async patches to 8.0 U3b and 7.0 U3s.
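With no workaround on offer, the practical first step for a defender is to work out which vCenter instances are still below the fixed releases named above. The following is an added example, not code from the article or from Broadcom: it takes a constructed inventory of hostnames and vCenter version strings in the "major.minor UNx" naming the article uses (a labelling assumption; real deployments would normally be compared by build number from the API), and flags every host that is not at or beyond 7.0 U3s or 8.0 U3b. It assumes that update letters within one update train are chronological, so a later letter means a later release, and that release lines the advisory does not mention are reported as unknown rather than as safe.

```python
import re
from dataclasses import dataclass

# Fixed releases named in the advisory coverage: vCenter Server 7.0 U3s and 8.0 U3b.
# Keyed by (major, minor) -> (update number, update letter).
PATCHED = {
    (7, 0): (3, "s"),
    (8, 0): (3, "b"),
}

# Assumed version naming: "8.0 U3b", "7.0 U3", etc. The trailing letter is optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\s+U(\d+)([a-z]?)$")


@dataclass(frozen=True)
class VcenterVersion:
    major: int
    minor: int
    update: int
    letter: str  # "" for the base update, e.g. "8.0 U3"

    @property
    def update_key(self):
        # Base update (no letter) sorts before "a"; letters are assumed chronological.
        return (self.update, self.letter)


def parse_version(text):
    """Parse a 'major.minor UNx' string into a VcenterVersion, or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    return VcenterVersion(int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def assess(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    v = parse_version(text)
    fixed = PATCHED.get((v.major, v.minor))
    if fixed is None:
        # Release line not covered by the advisory text; do not assume it is safe.
        return "unknown"
    return "patched" if v.update_key >= fixed else "vulnerable"


def triage(inventory):
    """inventory: mapping hostname -> version string. Returns hosts needing attention, sorted."""
    return sorted(host for host, version in inventory.items() if assess(version) != "patched")


# Constructed sample inventory (hypothetical hostnames and versions, not real systems).
SAMPLE_INVENTORY = {
    "vcsa-prod-01.example.test": "8.0 U3b",
    "vcsa-prod-02.example.test": "8.0 U3a",
    "vcsa-lab-01.example.test": "7.0 U3s",
    "vcsa-lab-02.example.test": "7.0 U3r",
    "vcsa-legacy.example.test": "6.7 U3",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE_INVENTORY):
        print(f"{host:30} {SAMPLE_INVENTORY[host]:10} {assess(SAMPLE_INVENTORY[host])}")
    print("needs patching or review:", triage(SAMPLE_INVENTORY))
```

The check deliberately reports an unlisted release line as "unknown" rather than "patched": the article covers only versions 7 and 8, and an out-of-support 6.x appliance on the network is a finding in its own right, not a clean bill of health.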

The discovery of both flaws stemmed from the Matrix Cup Cyber Security Competition, held in June in China, which was organized by 360 Digital Security Group and Beijing Huayunan Information Technology Company. Over 1,000 teams competed to report holes in products for $2.75 million in prizes.

Zbl and srs of Team TZL at Tsinghua University were credited with discovering the bugs, which were disclosed to Broadcom to patch.

The team bagged the competition's Best Vulnerability Award, along with a $59,360 payday, showing once again that bug bounties and competitive hacking really work. ®
