
Voyager18 (research)

How to fix CVE-2024-37079 & CVE-2024-37080 in VMware vCenter Server

CVE-2024-37079 & CVE-2024-37080 affect users of VMware products. Here's everything you need to know about both.

Yair Divinsky | June 30, 2024

Two critical vulnerabilities, CVE-2024-37079 and CVE-2024-37080, have been discovered in VMware vCenter Server, potentially impacting thousands of systems worldwide.

These vulnerabilities, identified as heap-overflow issues, could allow attackers to execute arbitrary code remotely. Affected systems include vCenter Server versions 7.0, 8.0, and Cloud Foundation versions 4.x and 5.x. Given the widespread use of VMware vCenter Server in managing virtualized environments, these vulnerabilities pose a significant risk to enterprise security.

Here’s what you need to know:

TL;DR

Affected products:

– VMware vCenter Server versions 7.0 and 8.0

– VMware Cloud Foundation versions 4.x and 5.x

Product category: Virtualization Management

Severity: Critical

Type: Heap Overflow

Impact: Remote Code Execution (RCE)

PoC: Proof-of-concept (PoC) code is currently not publicly available but is likely being developed by security researchers.

Exploit in the wild: No confirmed reports of active exploitation

CISA Catalog:

Remediation action: Apply security patches released by VMware.

MITRE advisory: CVE-2024-37079, CVE-2024-37080

What are CVE-2024-37079 & CVE-2024-37080?

CVE-2024-37079 and CVE-2024-37080 are critical security vulnerabilities discovered in VMware vCenter Server. Both are categorized as heap-overflow issues that can be exploited to achieve remote code execution (RCE). The flaws were identified by cybersecurity researchers and reported to VMware, prompting the company to issue security advisory VMSA-2024-0012. Exploiting these vulnerabilities allows attackers to execute malicious code on the affected servers, potentially gaining full control over the systems.

In its advisory, Broadcom says: “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution,” but notes that it is currently not aware of them being exploited “in the wild”.


Do CVE-2024-37079 and CVE-2024-37080 affect me?

To determine whether your systems are affected by CVE-2024-37079 and CVE-2024-37080, check the version of your VMware vCenter Server. The affected versions are 7.0, 8.0, and Cloud Foundation versions 4.x and 5.x. Administrators should review their system configurations and use available tools to scan for these specific vulnerabilities.

VMware’s official documentation and security advisory provide detailed instructions and tools for identifying affected systems. If your systems match the affected versions, immediate action is required to mitigate the risks. 

SOCRadar researchers say “A ZoomEye search for exposed VMware vCenter appliances reveals nearly 42,000 results, predominantly located in the United States and China, with France also having a significant presence”. 

Have CVE-2024-37079 & CVE-2024-37080 been actively exploited in the wild?

As of the latest reports, there have been no confirmed incidents of active exploitation of CVE-2024-37079 and CVE-2024-37080 in the wild. However, the critical nature of these vulnerabilities and the high value of VMware vCenter Server environments make them attractive targets for attackers.

Security researchers and cyber security firms are closely monitoring the situation and recommend preemptive measures to protect against potential exploitation. 

How to fix CVE-2024-37079 & CVE-2024-37080

To mitigate and fix these vulnerabilities, VMware has released security patches for the affected versions of vCenter Server. Administrators should:

  1. Apply the latest patches: Download and install the patches from VMware’s official site or through their update management systems. To prevent exploitation, apply these updates:

     • vCenter Server 7.0 U3r
     • vCenter Server 8.0 U2d and 8.0 U1e
     • Cloud Foundation (vCenter Server) KB88287

  2. Verify patch installation: Ensure that the patches have been correctly applied by checking the version numbers and any related logs.

  3. Temporary workarounds: If immediate patching is not feasible, consider implementing temporary workarounds such as network segmentation, enhanced monitoring, and access controls to reduce the risk of exploitation.
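As an added illustration of the version check in the verification step (this is example code, not from the post or from VMware), the snippet below compares a vCenter appliance version string against the fixed update line named in the advisory. The four-part version format and the fixed version numbers are assumptions; the numbers are placeholders to be replaced with the values published for 7.0 U3r, 8.0 U2d and 8.0 U1e in VMSA-2024-0012 and the KB articles.

```python
"""Assess whether a vCenter Server appliance version string is at or past the
VMSA-2024-0012 fixed release for its update line.

Version strings are assumed to take the form major.minor.update.patch
(e.g. "8.0.2.00300"). The fixed-release numbers below are PLACEHOLDERS
(assumed values, not from the advisory): replace them with the versions
published for 7.0 U3r, 8.0 U2d and 8.0 U1e before relying on the result.
"""

# Update lines that received a fix, keyed by (major, minor, update).
# The 99999 patch components are placeholders, not real build values.
FIXED_RELEASES = {
    (7, 0, 3): ("7.0.3.99999", "vCenter Server 7.0 U3r"),  # placeholder
    (8, 0, 1): ("8.0.1.99999", "vCenter Server 8.0 U1e"),  # placeholder
    (8, 0, 2): ("8.0.2.99999", "vCenter Server 8.0 U2d"),  # placeholder
}

# Major.minor lines the advisory lists as affected.
AFFECTED_LINES = {(7, 0), (8, 0)}


def parse_version(text):
    """Turn "8.0.2.00300" into (8, 0, 2, 300) so tuples compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected vCenter version format: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text):
    """Return a dict with 'status' (patched / vulnerable / unlisted) and advice."""
    version = parse_version(version_text)
    if version[:2] not in AFFECTED_LINES:
        return {"status": "unlisted",
                "action": "version line not named in VMSA-2024-0012; check the advisory"}
    line = FIXED_RELEASES.get(version[:3])
    if line is None:
        # e.g. 8.0.0.x or 7.0.2.x: an affected major version whose update line
        # received no fix, so the only remedy is moving to a fixed update line.
        return {"status": "vulnerable",
                "action": "upgrade to a fixed update line (7.0 U3r, 8.0 U1e or 8.0 U2d)"}
    fixed_text, name = line
    if version >= parse_version(fixed_text):
        return {"status": "patched", "action": f"at or above {name}"}
    return {"status": "vulnerable", "action": f"apply {name} ({fixed_text} or later)"}


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ("7.0.3.01800", "7.0.3.99999", "8.0.0.10200", "8.0.2.00300"):
        print(sample, assess(sample))
```

The version string can be taken from the appliance's management interface or its version API; the point of the per-line lookup is that a host on an update line with no fix (such as 8.0.0.x) is reported as vulnerable even though no "newer patch on the same line" exists.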

For detailed patching instructions and additional resources, refer to VMware’s security advisory VMSA-2024-0012 and the respective knowledge base articles. 


Next steps

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. Q1 2024 Vulnerability Watch
  2. The MITRE ATT&CK framework: Getting started
  3. The true impact of exploitable vulnerabilities for 2024
  4. Multi-cloud security challenges – a best practice guide
  5. How to properly tackle zero-day threats
