CVE-2024-37079 & CVE-2024-37080 affect users of VMware products. Here's everything you need to know about both.
Two critical vulnerabilities, CVE-2024-37079 and CVE-2024-37080, have been discovered in VMware vCenter Server, potentially impacting thousands of systems worldwide.
These vulnerabilities, identified as heap-overflow issues, could allow attackers to execute arbitrary code remotely. Affected systems include vCenter Server versions 7.0, 8.0, and Cloud Foundation versions 4.x and 5.x. Given the widespread use of VMware vCenter Server in managing virtualized environments, these vulnerabilities pose a significant risk to enterprise security.
Here’s what you need to know:
Affected products: |
– VMware vCenter Server versions 7.0 and 8.0 – VMware Cloud Foundation versions 4.x and 5.x |
Product category: |
Virtualization Management |
Severity: |
Critical |
Type: |
Heap Overflow |
Impact: |
Remote Code Execution (RCE) |
PoC: |
Proof-of-concept (PoC) code is currently not publicly available but is likely being developed by security researchers. |
Exploit in the wild |
No confirmed reports of active exploitation |
CISA Catalog |
|
Remediation action |
Apply security patches released by VMware. |
MITRE advisory |
CVE-2024-37079 and CVE-2024-37080 are critical security vulnerabilities discovered in VMware vCenter Server. These vulnerabilities are categorized as heap-overflow issues, which can be exploited to achieve remote code execution (RCE). The flaws were identified by cybersecurity researchers and reported to VMware, prompting the company to issue a security advisory VMSA-2024-0012.Exploiting these vulnerabilities allows attackers to execute malicious code on the affected servers, potentially gaining full control over the systems.
In their advisory, Broadcom say: “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution,” , but noted that they are currently not aware of them being exploited “in the wild”.
To determine if your systems are affected by CVE-2024-37079 and CVE-2024-37080, check the version of your VMware vCenter Server. The affected versions are 7.0, 8.0, and Cloud Foundation versions 4.x and 5.x. Administrators should review their system configurations and utilize available tools to scan for these specific vulnerabilities.
VMware’s official documentation and security advisory provide detailed instructions and tools for identifying affected systems. If your systems match the affected versions, immediate action is required to mitigate the risks.
SOCRadar researchers say “A ZoomEye search for exposed VMware vCenter appliances reveals nearly 42,000 results, predominantly located in the United States and China, with France also having a significant presence”.
As of the latest reports, there have been no confirmed incidents of active exploitation of CVE-2024-37079 and CVE-2024-37080 in the wild. However, the critical nature of these vulnerabilities and the high value of VMware vCenter Server environments make them attractive targets for attackers.
Security researchers and cyber security firms are closely monitoring the situation and recommend preemptive measures to protect against potential exploitation.
To mitigate and fix these vulnerabilities, VMware has released security patches for the affected versions of vCenter Server. Administrators should:
To prevent exploitation apply these updates:
For detailed patching instructions and additional resources, refer to VMware’s security advisory VMSA-2024-0012 and the respective knowledge base articles.
Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: