VMware Product Security Update Advisory (CVE-2024-38812, CVE-2024-38813)
Overview
An update has been released to address vulnerabilities in VMware Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-38812, CVE-2024-38813
- vCenter Server version: 8.0
- vCenter Server version: 7.0
- VMware Cloud Foundation version: 5.X
- VMware Cloud Foundation version: 4.X
Resolved Vulnerabilities
Heap overflow vulnerability in the DCERPC protocol implementation in vCenter Server (CVE-2024-38812)
A vulnerability that could allow a malicious actor with network access to vCenter Server to escalate root privileges by sending specially crafted network packets (CVE-2024-38813)
Vulnerability Patches
The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-38812, CVE-2024-38813
- vCenter Server version: 8.0 U3b
- vCenter Server version: 7.0 U3
- VMware Cloud Foundation version: Async patch to 8.0 U3b
- VMware Cloud Foundation version: Async patch to 7.0 U3s
References
[1] VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)