Critical Vulnerabilities in VMware vCenter Server
19 June 2024
VMware has released security updates addressing critical vulnerabilities (CVE-2024-37079 and CVE-2024-37080) affecting their vCenter Server products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Successful exploitation of the heap-overflow vulnerabilities in the Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) protocol implementation of vCenter Server could allow an attacker with network access to send specially crafted packets, potentially leading to remote code execution.
The vulnerabilities affect the following product versions:
VMware vCenter Server version 7.0
VMware vCenter Server version 8.0
VMware Cloud Foundation version 4.x
VMware Cloud Foundation version 5.x
Users and administrators of affected product versions are advised to update to the latest versions immediately.
More information is available here:
https://www.helpnetsecurity.com/2024/06/18/cve-2024-37079-cve-2024-37080/