Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities
hackread.com
Contributed by: Sarah Richardson
Summary
Broadcom has issued a security advisory, VMSA-2024-0012, detailing three critical vulnerabilities in VMware vCenter Server identified as CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081. The first two, which are heap overflow flaws with a 9.8 CVSS score, could allow remote code execution via the DCERPC protocol, posing significant risks to managed virtual environments. The third vulnerability, with a 7.7 CVSS score, enables local users to escalate privileges on vCenter Server appliances. Although these vulnerabilities have not been exploited yet, their potential impact on data security and operational integrity is severe. Broadcom urges organizations to promptly patch these vulnerabilities due to the absence of viable workarounds. Industry experts emphasize the need for strict access controls and network isolation to mitigate risks.