1. Forum
  2. TQWNet
  3. TQW GENTECH

  • A major VMware vCenter Server security bug is now being exploited

    From TechnologyDaily@1337:1/100 to All on Tuesday, November 19, 2024 17:30:05
    A major VMware vCenter Server security bug is now being exploited, so patch now

    Date:
    Tue, 19 Nov 2024 17:28:00 +0000

    Description:
    A bug that was patched twice since September is now being abused to execute malicious code, remotely.

    FULL STORY ======================================================================A
    VMware bug that grants Remote Code Execution abilities is being exploited in the wild The bug was first spotted in September 2024, but the patch did not solve the problem A second patch was released, and users are urged to apply now

    Broadcom is warning two vulnerabilities plaguing its VMware vCenter Server product are being exploited in the wild by hackers.

    Patches are available, and users are urged to apply them immediately, since there is no workaround. Furthermore, the vulnerabilities can be used to cause quite the damage to compromised networks.

    In mid-September 2024, VMware released a security advisory, claiming to have patched two flaws in vCenter Server that could have granted threat actors remote code execution (RCE) abilities. Confirmed exploitation

    These flaws were tracked as CVE-2024-38812 and CVE-2024-38813.

    The former affects vCenter 7.0.3, 8.9.2, and 8.0.3, as well as all versions
    of vSphere or VMware Cloud Foundation prior to the ones listed above. It was given a severity score of 9.8 (critical) since it can be exploited without user interaction, and since it grants RCE capabilities to a threat actor sending a custom-built network packet. The latter, on the other hand, is a 7.5-severity flaw, granting root privilege escalation.

    Both vulnerabilities were first discovered by Team TZL at Tsinghua
    University, during the Matrix Cup Cyber Security Competition, held in China earlier this year.

    However, it was soon announced that the patches did not properly work, since Broadcom issued a second patch in late October 2024. At that time, despite
    the bug being present for months, and having been patched twice, there was still no evidence of abuse in the wild.

    However, that time has now come.

    "Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813," Broadcom
    said earlier this week.

    Unfortunately, at this time, we dont know who is abusing these vulnerabilities, or against whom. However, BleepingComputer reminds that threat actors, including ransomware gangs and state-sponsored threat actors, often target VMware vCenter bugs.

    Via BleepingComputer You might also like VMware vCenter Server RCE vulnerability patched by Broadcom Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-major-vmware-vcenter-server-security- bug-is-now-being-exploited-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)