Broadcom has recently released fixes for three vulnerabilities affecting VMware vCenter, two of which are of critical severity and allow remote code execution (RCE). This comes at a time when virtual machines (VMs) continue to be a prime target for hackers, given the wealth of sensitive data and applications they often contain. Immediate patching is highly recommended.
VMware vCenter serves as the centralized management console for VMware virtual environments. It is used to view and manage VMs, multiple ESXi hosts, and all dependent components from a single centralized location. The vulnerabilities, CVE-2024-37079 and CVE-2024-37080, are heap overflow vulnerabilities in vCenter’s implementation of DCERPC (Distributed Computing Environment/Remote Procedure Call), a protocol used for calling a function on a remote machine as if it were a local one.
DCERPC is particularly useful for interacting with remote machines, making it an attractive target for remote hackers. By using a specially crafted network packet, an attacker with network access can exploit these vulnerabilities to remotely execute their own code on VMs managed by vCenter. The potential for harm has earned both vulnerabilities critical 9.8 out of 10 scores on the CVSS scale.
Moreover, Broadcom has patched a number of local privilege escalation vulnerabilities resulting from a misconfiguration of sudo within vCenter. Sudo, short for “superuser do” or “substitute user do,” allows users in Unix systems to run commands with the privileges of another user, typically at the root level. An authenticated local user can exploit the bug, labeled CVE-2024-37081, to obtain administrative privileges on a vCenter Server appliance. This vulnerability has been assigned a high CVSS score of 7.8.
As of now, there is no evidence that any of these three vulnerabilities have been exploited in the wild, although this could change rapidly. Remediations can be found on the official VMware website.
The risk in cloud VMs is significant. According to VMware’s own documentation, the company boasts more than 400,000 customers, including all Fortune 500 and Fortune Global 100 companies. Its technology supports over 80% of virtualized workloads and a significant portion of business-critical applications.
“The increasing popularity of cloud computing has led to a corresponding surge in VM usage, consolidating multiple applications onto a single physical server,” explains Patrick Tiquet, vice president of security and architecture at Keeper Security. “This consolidation not only enhances operational efficiency but also presents attackers with the opportunity to compromise a variety of services through a single breach.”
vCenter Server epitomizes this risk. As the centralized management software supporting the VMware vSphere and Cloud Foundation platforms, it provides a launch point for both IT administrators and hackers to reach many VMs running across organizations.
“Successful breaches not only disrupt services and result in financial losses, but can also lead to the exposure of sensitive data and violations of regulatory requirements, severely damaging an organization’s reputation,” warns Tiquet. Therefore, patching new vulnerabilities as they emerge is both necessary and insufficient for organizations to feel secure.
In addition to network segmentation, vulnerability audits, and other security hardening tactics like incident response planning and maintaining robust backups, network administrators must lead from the front. “Administrators should always ensure they’re using a secure vault and secrets management solution, they must apply necessary updates as soon as possible, and they should also check their cloud console’s security controls to ensure they’re following the latest recommendations,” advises Tiquet.
This incident serves as a stark reminder of the importance of data security and the potential legal and financial repercussions of failing to adequately protect sensitive information. It underscores the need for companies to invest in robust security measures, prioritize transparency in their communications, and ensure compliance with data protection laws to safeguard their stakeholders’ interests.
- Important Terms Related to Log Monitoring (A to Z Terms)
- How to View SSH Logs on Linux
- How to Choose the Best Penetration Testing Tool for Your Business
- Top 8 Cybersecurity Testing Tools for 2024
- How To Parse FortiGate Firewall Logs with Logstash
- Categorizing IPs with Logstash – Private, Public, and GeoIP Enrichment
- 9 Rules of Engagement for Penetration Testing
- Google vs. Oracle – The Epic Copyright Battle That Shaped the Tech World
- Introducing ChatGPT Search – Your New Gateway to Instant, Up-to-date Information
- Python Has Surpassed JavaScript as the No. 1 Language on GitHub