Update (10/22/2024): Broadcom has released updated fixes for this vulnerability as the initial patch from September did not fully resolve the issue. Please read our follow-up security bulletin to learn more.
On 17 September 2024, Broadcom released fixes for a critical vulnerability impacting VMware vCenter Server and VMware Cloud Foundation, tracked as CVE-2024-38812. The vulnerability is a heap-overflow flaw in vCenter Server's implementation of the DCERPC protocol; a remote attacker with network access to vCenter Server can trigger it by sending specially crafted network packets, potentially leading to Remote Code Execution (RCE).
CVE-2024-38812 was responsibly disclosed to VMware by security researchers, and as of now Arctic Wolf has not identified any reports of active exploitation or a publicly available proof-of-concept exploit. Nevertheless, it is important to note that vulnerabilities in VMware vCenter Server and Cloud Foundation have been exploited by threat actors in the past, as indicated by CISA's Known Exploited Vulnerabilities Catalog. Given how widely these products are deployed, threat actors may attempt to reverse engineer the patches and develop exploits in the near future.
Recommendations for CVE-2024-38812
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
|---|---|---|
| VMware vCenter | 8.0 | 8.0 U3b |
| VMware vCenter | 7.0 | 7.0 U3s |
| VMware Cloud Foundation | 5.x | Async patch to 8.0 U3b |
| VMware Cloud Foundation | 4.x | Async patch to 7.0 U3s |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
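As an added example (not part of the original bulletin), the following Python triage helper compares the vCenter Server versions in an asset inventory against the fixed versions listed in the table above and flags appliances that still need the update. It assumes that inventory entries use the same "major.minor Ux[letter]" notation the bulletin uses (for example `8.0 U3a`), that express patches within an update are ordered alphabetically by their trailing letter (so `U3a` sorts below `U3b`), and that the host names and inventory rows are constructed sample data. For Cloud Foundation deployments the same check applies to the version of the embedded vCenter Server once the async patch has been applied.

```python
import re

# Fixed versions per affected vCenter Server version line, taken from the bulletin.
FIXED_VERSIONS = {
    "8.0": "8.0 U3b",
    "7.0": "7.0 U3s",
}

# Matches "8.0", "8.0 U3" and "8.0 U3b"; the update number and patch letter are optional.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?$", re.IGNORECASE)


def parse_version(version: str) -> tuple:
    """Turn a bulletin-style version string into a comparable tuple.

    '8.0 U3b' -> (8, 0, 3, 'b'); a GA release with no update becomes
    (8, 0, 0, '') so that it sorts below U1, and 'U3' (no letter) sorts
    below 'U3a' because '' < 'a' in Python string ordering.
    """
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised vCenter version string: {version!r}")
    major, minor, update, letter = match.groups()
    return (int(major), int(minor), int(update or 0), (letter or "").lower())


def is_vulnerable(version: str):
    """Return True if the version is below the fixed build for its line,
    False if it is at or above the fix, and None if the bulletin does not
    cover that version line at all (for example an end-of-life 6.x appliance),
    which a practitioner should treat as requiring manual review."""
    parsed = parse_version(version)
    line = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_VERSIONS.get(line)
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


# Constructed sample inventory (host name, reported version); not real assets.
INVENTORY = [
    ("vcsa-prod-01", "8.0 U3b"),
    ("vcsa-prod-02", "8.0 U3a"),
    ("vcsa-dr-01", "7.0 U3s"),
    ("vcsa-lab-01", "7.0 U3r"),
    ("vcsa-new-01", "8.0"),
    ("vcsa-legacy-01", "6.7 U3"),
]


def triage(inventory):
    """Map each host to its vulnerability status (True / False / None)."""
    return {host: is_vulnerable(version) for host, version in inventory}


def hosts_needing_patch(inventory):
    """Hosts confirmed below the fixed version, sorted for stable reporting."""
    return sorted(host for host, status in triage(inventory).items() if status is True)


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        label = {True: "VULNERABLE - upgrade required",
                 False: "fixed version or later",
                 None: "version line not covered - review manually"}[status]
        print(f"{host:16} {label}")
```

A `None` result is deliberately kept distinct from `False`: an appliance on a version line the bulletin does not list is not thereby safe, it is simply outside the scope of this advisory and should be checked against the vendor's support matrix.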