
September 18, 2024 Advisory: VMware vCenter DCERPC Heap-Overflow RCE [CVE-2024-38812]

Date of Disclosure: September 18th, 2024

CVE-ID and CVSS Score: CVE-2024-38812: CVSS 9.8

Issue Name and Description: VMware vCenter Heap-Overflow Vulnerability

Asset Description: This vulnerability affects versions 7.0 before 7.0 U3s and 8.0 before 8.0 U3b of VMware vCenter. VMware vCenter is a centralized management platform for VMware’s vSphere environments, which are used for virtualization of servers and infrastructure. It provides a single interface to manage, monitor, and control multiple virtual machines (VMs), hosts, and data centers.

Vulnerability Impact: If successfully exploited, a threat actor with network access to vCenter Server, specifically the DCERPC protocol, may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution. This could be chained with CVE-2024-38813, which would allow the actor to escalate their privileges to root.

Exploitation Status: There are currently no known PoCs, and it is not known by CISA to be currently exploited.

Patch Availability: VMware has patched this vulnerability in versions 7.0 U3s and 8.0 U3b. Additionally, there is an asynchronous patch for VMware Cloud Foundation 4.x and 5.x. Patching instructions are in the VMware Security Advisory.

Censys Perspective:

At the time of writing, Censys observes 2,884 exposed devices online.

To identify potentially vulnerable vCenter instances, the following Censys queries can be used:

Censys Search Query:

services.software: (vendor: VMware and product: vCenter)

Censys ASM Query:

host.services.software: (vendor: VMware and product: vCenter)
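
A triage sketch for the queries above, added here as an example (not Censys or VMware code): it takes host records in the shape the Search query returns and keeps only vCenter services on addresses inside your own ranges. The sample records, the CIDR and the function names are constructed for illustration, and the string matching only approximates the query's semantics.

```python
import ipaddress

# Constructed records in the shape of Censys Search host results (not real data).
SAMPLE_HOSTS = [
    {"ip": "192.0.2.10", "services": [
        {"port": 443, "software": [{"vendor": "VMware", "product": "vCenter"}]},
        {"port": 22, "software": [{"vendor": "OpenBSD", "product": "OpenSSH"}]}]},
    {"ip": "192.0.2.20", "services": [
        {"port": 443, "software": [{"vendor": "VMware", "product": "ESXi"}]}]},
    {"ip": "203.0.113.5", "services": [
        {"port": 443, "software": [{"vendor": "VMware", "product": "vCenter"}]}]},
    {"ip": "not-an-ip", "services": []},
]


def is_vcenter(service):
    """True when one software entry carries both the vendor and the product.

    Mirrors the nested form of the query: vendor and product must match on
    the same entry, not on two different entries of the same service.
    """
    for sw in service.get("software") or []:
        vendor = (sw.get("vendor") or "").lower()
        product = (sw.get("product") or "").lower()
        if vendor == "vmware" and "vcenter" in product:
            return True
    return False


def exposed_vcenter(hosts, owned_cidrs):
    """Return [(ip, [ports])] for vCenter services inside the owned ranges."""
    nets = [ipaddress.ip_network(c) for c in owned_cidrs]
    findings = []
    for host in hosts:
        try:
            ip = ipaddress.ip_address(host.get("ip", ""))
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        if not any(ip in net for net in nets):
            continue  # not ours: out of scope for patch triage
        ports = sorted(s["port"] for s in host.get("services") or []
                       if "port" in s and is_vcenter(s))
        if ports:
            findings.append((str(ip), ports))
    return findings


if __name__ == "__main__":
    for ip, ports in exposed_vcenter(SAMPLE_HOSTS, ["192.0.2.0/24"]):
        print(f"{ip} exposes vCenter on ports {ports}: check against 7.0 U3s / 8.0 U3b")
```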
