VMware vCenter Server multiple heap-overflow

Our experts keep you up-to-date on critical cyber threats (CVEs)

With a (maximum!) CVSSv3 score of 9.8, this issue should be fixed immediately.

VMware has fixed 2 critical vulnerabilities (CVE-2024-37079 + CVE-2024-37080) impacting vCenter Server versions 7.0 & 8.0, as well as Cloud Foundation versions 4.x & 5.x.

An attacker with network access to the vCenter Server could exploit these vulnerabilities by sending a specially crafted network packet, which might lead to remote code execution. For now, Broadcom has not received any reports of abuse of these vulnerabilities.

Both CVEs are 'heap-overflow' vulnerabilities in the implementation of the DCE/RPC protocol. They have high risk scores because the attacks can be performed remotely without any user interaction.

Take action

So upgrading/patching is a must. Temporarily, you could also restrict access via advanced firewall configurations to minimise possible attack attempts.

Customers who use our Managed Services are safe. They have already been patched or are being patched by appointment.
The impact of the upgrade is that vCenter needs to be restarted, which makes (only) vCenter unreachable for up to one hour.

Feel free to contact us to fix this problem for you. You can do this by mail at support@vanroey.be or by phone: 014 470 600. You can also create a ticket.

Can't create tickets? Ask here to get an account. If our Engineer needs to remotely control your PC, he or she will ask you to run this software.
