Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in VMware vCenter Server Platform
Alerts

Multiple Vulnerabilities in VMware vCenter Server Platform

18 September 2024

VMware has released security updates to address multiple vulnerabilities (CVE-2024-38812 and CVE-2024-38813) affecting their vCenter server platform.

The vulnerabilities are:

  • CVE-2024-38812: Successful exploitation of the heap-overflow vulnerability could allow an attacker with network access to perform remote code execution by sending specially crafted packets. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

  • CVE-2024-38813: Successful exploitation of the privilege escalation vulnerability could allow an attacker with network access to send specially crafted packets and attain root privileges.

The vulnerabilities affect the following product versions:

  • VMware vCenter Server versions 7.0 and 8.0

  • VMware Cloud Foundation versions 4.x and 5.x

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/

https://www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/

Back to top