- A VMware bug that provides Remote Code Execution capabilities is being exploited in the wild
- The bug was first noticed in September 2024, but the patch did not fix the problem
- A second patch has been released and users are urged to sign up now
Broadcom warns that two vulnerabilities affecting its VMware vCenter Server product are being exploited in the wild by hackers.
Patches are available and users are urged to apply them immediately as there is no workaround. Furthermore, the vulnerabilities can be used to cause significant damage to affected networks.
In mid-September 2024, VMware issued a security advisory claiming that it had patched two flaws in vCenter Server that could have given threat actors the ability to perform remote code execution (RCE).
Confirmed exploitation
These flaws were tracked as CVE-2024-38812 and CVE-2024-38813.
The first affects vCenter 7.0.3, 8.9.2, and 8.0.3, as well as all versions of vSphere or VMware Cloud Foundation before the versions mentioned above. It was given a severity score of 9.8 (critical) because it can be exploited without user interaction, and because it grants RCE capabilities to a threat actor sending a tailored network packet. The latter, on the other hand, is a 7.5 severity error, which allows escalation of root privileges.
Both vulnerabilities were first discovered by Team TZL from Tsinghua University, during the Matrix Cup Cyber Security Competition, held in China earlier this year.
It soon became known that the patches did not work properly, as Broadcom released a second patch in late October 2024. Even though the bug had been present for months and had been patched twice, there was still no exploitation at that point. in the wild.
However, that time has now come.
“Updated advisory to note that VMware has been confirmed by Broadcom to have exploited CVE-2024-38812 and CVE-2024-38813 in the wild,” Broadcom said earlier this week.
Unfortunately, we currently do not know who is exploiting these vulnerabilities, or against whom. However, BleepingComputer recalls that threat actors, including ransomware gangs and state-sponsored threat actors, often target VMware vCenter bugs.
Via BleepingComputer