THREAT LEVEL - HIGH

19-06-2024

New Critical VMware vCenter Vulnerabilities

Threat Level Description

IthacaLabs has maintained the Threat Level (High) adding a new observation:

An attack is highly likely. Reaching an acceptable risk level against a threat of this breadth requires additional, sustainable protective security measures, informed by judgments about the organisation's specific business and geographical exposure.

Description

We have observed that new critical vulnerabilities have been identified in VMware products.

An attacker who exploits the first two of these vulnerabilities could achieve remote code execution on affected systems; the third allows an authenticated local user to escalate to root.

The vulnerabilities tracked as CVE-2024-37079 and CVE-2024-37080 are heap-overflow vulnerabilities in the DCERPC protocol implementation of vCenter Server. An attacker with network access to vCenter Server can trigger them by sending specially crafted network packets, potentially resulting in remote code execution.

The third vulnerability, tracked as CVE-2024-37081, is a sudo misconfiguration in vCenter Server that permits an authenticated local user with non-administrative privileges to elevate their privileges to root on the vCenter Server Appliance.

CVE(s)

CVE-2024-37079, CVE-2024-37080, CVE-2024-37081

Affected Systems

  • VMware vCenter Server versions 7.0 and 8.0
  • VMware Cloud Foundation versions 4.x and 5.x

Recommendation(s)

You should install the patches provided by the vendor without delay. The fixes ship in vCenter Server 8.0 U2d, 8.0 U1e and 7.0 U3r, and in the corresponding updates for VMware Cloud Foundation. Until the patch is applied, restrict network access to the vCenter Server management interfaces to trusted administrative networks, since the two remote code execution flaws require network reachability of vCenter Server.

Updating vCenter Server does not affect running workloads or VMs, but expect the vSphere Client and other management interfaces to be temporarily unavailable during the update.
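As a practical aid that is not part of the original alert and is not VMware tooling, the following Python check compares a vCenter Server Appliance version string (the kind returned in the version field of the appliance API endpoint GET /api/appliance/system/version) against the releases that carry the fix. The release names 8.0 U2d, 8.0 U1e and 7.0 U3r come from the vendor advisory; the numeric version strings used as thresholds and the sample API response are assumptions constructed for this example and must be confirmed against the vendor advisory before the check is relied on. The point it makes is that each release line is compared only against its own fixed build (an 8.0 U1 appliance is judged against 8.0 U1e, not 8.0 U2d) and that version components are compared as numbers, not strings.

```python
"""Check a vCenter Server Appliance version against the releases that fix
CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081.

Illustrative check added to this alert; it is not VMware tooling. The
release names come from the vendor advisory, but the numeric version
strings below are ASSUMED placeholders: confirm them against the
advisory before relying on this output.
"""
import json

# Per release line (major, minor, update): release name and the first
# version of that line carrying the fix. Numeric strings are ASSUMED.
FIXED_VERSIONS = {
    (8, 0, 2): ("8.0 U2d", "8.0.2.00400"),
    (8, 0, 1): ("8.0 U1e", "8.0.1.00500"),
    (7, 0, 3): ("7.0 U3r", "7.0.3.01900"),
}


def parse_version(version: str) -> tuple:
    """Turn '8.0.2.00300' into (8, 0, 2, 300).

    Components are compared as integers: comparing the raw strings would
    rank '8.0.2.00400' below '8.0.2.1' because '0' sorts before '1'.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected vCenter version format: {version!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> dict:
    """Return {'version', 'patched', 'action'} for one appliance version.

    'patched' is True/False when the release line is one the advisory
    fixed, and None when the line is newer than those listed here, in
    which case the operator must check the advisory directly.
    """
    v = parse_version(version)
    line = v[:3]
    if line in FIXED_VERSIONS:
        name, fixed = FIXED_VERSIONS[line]
        patched = v >= parse_version(fixed)
        action = "no action" if patched else f"update to {name} or later"
        return {"version": version, "patched": patched, "action": action}
    if line > max(FIXED_VERSIONS):
        # e.g. 8.0.3.x: a line released after these fixes; verify it
        # against the vendor advisory rather than assuming.
        return {"version": version, "patched": None,
                "action": "release line newer than listed fixes; "
                          "verify against vendor advisory"}
    # Older line (e.g. 7.0.2.x): no fixed build exists on that line at all.
    names = ", ".join(n for n, _ in FIXED_VERSIONS.values())
    return {"version": version, "patched": False,
            "action": f"upgrade to a fixed release line ({names})"}


# Constructed sample of the JSON body returned by
# GET https://<vcenter>/api/appliance/system/version; values made up here.
SAMPLE_RESPONSE = json.dumps({
    "version": "8.0.2.00300",
    "product": "VMware vCenter Server",
    "type": "vCenter Server with an embedded Platform Services Controller",
})


def assess_appliance_json(payload: str) -> dict:
    """Apply assess() to the version field of an appliance API response."""
    return assess(json.loads(payload)["version"])


if __name__ == "__main__":
    for sample in ("8.0.2.00300", "8.0.2.00400", "8.0.1.00400",
                   "7.0.3.01900", "7.0.2.00500", "8.0.3.00000"):
        print(assess(sample))
    print(assess_appliance_json(SAMPLE_RESPONSE))
```

In a real run, replace SAMPLE_RESPONSE with the body fetched from the appliance API using an authenticated session, and fix the three threshold strings from the vendor advisory; the structure of the check (one threshold per release line, integer comparison, an explicit "unknown" for newer lines) is what carries over.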

Security updates should be applied with urgency regardless of the size of your organization. Maintain an effective patch-management process, keep security event logging enabled, and monitor those events. Protecting your business assets and meeting the relevant industry regulations requires a comprehensive approach to risk management, including penetration testing at least annually and after significant changes.
