VMware Reveals Critical Vulnerabilities, Calls for Immediate Action
VMware has announced critical vulnerabilities in its VMware vSphere and VMware Cloud Foundation products, urging customers to promptly install updates with necessary patches.
The vulnerabilities are in VMware vCenter Server, a component integral to the affected products.
In a security advisory on June 17, 2024, VMware highlighted three CVEs with severity scores between 7.8 and 9.8.
These vulnerabilities include memory management and corruption flaws, which could potentially allow remote code execution.
Multiple heap-overflow vulnerabilities:
CVE-2024-37079 and CVE-2024-37080 relate to multiple heap-overflow vulnerabilities in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet, potentially leading to remote code execution. These issues have been given a CVSS score of 9.8.
Multiple local privilege escalation vulnerabilities:
CVE-2024-37081 relates to multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. These issues have been given a CVSS score of 7.8.