VMware fixes critical vCenter RCE vulnerability | NewPush Blog

VMware released critical security patches to address remote code execution (RCE) vulnerabilities in vCenter Server. These vulnerabilities, identified as CVE-2024-37079 and CVE-2024-37080, could allow malicious actors to gain complete control over vulnerable systems.

vCenter Server serves as a central management platform for virtual machines and ESXi hosts, making it a crucial component in many organizations' IT infrastructure. The vulnerabilities reside in the implementation of a communication protocol called DCERPC. By exploiting these weaknesses, attackers could remotely execute arbitrary code on the vCenter Server, potentially gaining full administrative access to the system.

While there are currently no known exploits in the wild, VMware has emphasized the critical nature of these vulnerabilities, urging all users to apply the available patches as soon as possible.

Impact of Exploitation:

Successful exploitation of these vulnerabilities could lead to severe consequences, including:

Data theft: Attackers could access and steal sensitive data stored on the virtual machines managed by vCenter Server.
System compromise: Full control over vCenter Server could allow attackers to disrupt operations, install malware, or launch further attacks against the organization's network.
Denial of service: Attackers could disable vCenter Server, impacting the availability of critical virtual machines and services. Affected Versions and Patches:

The vulnerabilities affect vCenter Server versions 7.0 and 8.0. VMware has released security updates for both versions, which address these vulnerabilities. Users are strongly advised to download and apply these patches immediately.

Mitigation:

In addition to applying the security patches, VMware recommends implementing the following mitigation measures:

Network Segmentation: Isolate vCenter Server from the public internet and restrict access to authorized users only.
Strong Passwords and Multi-Factor Authentication (MFA): Utilize strong passwords and enable MFA for all administrative accounts.
Regular Security Audits: Perform regular security audits to identify and address potential vulnerabilities. Recommendations:
Apply patches immediately: The security patches are available for download from VMware's website. Prioritize installing these patches as quickly as possible.
Monitor for malicious activity: Closely monitor systems for any signs of suspicious activity and report any anomalies to security teams.
Stay informed: Keep abreast of security updates and advisories from VMware and other relevant security vendors. These vulnerabilities highlight the importance of proactively managing security risks within enterprise environments. Organizations should prioritize applying security updates promptly, implementing security best practices, and staying informed about emerging threats.

Bleeping Computer 06/18/2024