Issue Name and Description: vCenter Server contains multiple heap overflow vulnerabilities in its implementation of the DCERPC protocol. VMware has evaluated these issues as Critical, with a maximum CVSSv3 base score of 9.8.
Date Published: Jun 18, 2024
CVE-ID and CVSS Score:
CVE-2024-37079, CVSS Score: 9.8
CVE-2024-27080, CVSS Score: 9.8
CWE: CWE-122 (Heap-based Buffer Overflow)
Asset Description: While there isn’t much information about this attack, we do know that it’s a vulnerability in the vCenter Server’s implementation of DCE/RPC. It should be noted that DCERPC is not the same as the vCenter Server HTTP interface; they are completely different protocols running on different ports.
- vCenter Server versions < “8.0 U2d”
- vCenter Server versions < “8.0 U1e”
- vCenter Server versions < “7.0 U3r”
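To triage an inventory against the version list above, the following added example (not code from the advisory or from VMware) compares release labels such as "8.0 U2c" with the fixed releases. The per-branch matching rules, the label format, the function names and the sample hostnames are assumptions of this example.

```python
import re

# Fixed releases taken from the list above; the branch-matching rules are
# this example's assumption, not something the advisory spells out.
FIXED = {
    ("8.0", 2): "d",   # 8.0 U2 line fixed in 8.0 U2d
    ("8.0", 1): "e",   # 8.0 U1 line fixed in 8.0 U1e
    ("7.0", 3): "r",   # 7.0 line fixed in 7.0 U3r
}

VERSION_RE = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Return (major, update, letter) for strings like '8.0 U2c' or '7.0'."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version: {text!r}")
    major, update, letter = m.groups()
    return major, int(update or 0), (letter or "").lower()

def is_affected(text):
    """True if the version is below the fixed release for its branch."""
    major, update, letter = parse_version(text)
    if major == "7.0":
        return (update, letter) < (3, FIXED[("7.0", 3)])
    if major == "8.0":
        if update == 0:
            return True  # assumption: 8.0 GA predates both fixed 8.0 releases
        fixed_letter = FIXED.get(("8.0", update))
        if fixed_letter is None:
            return False  # assumption: 8.0 U3 and later sort above 8.0 U2d
        return letter < fixed_letter
    raise ValueError(f"branch {major} is not covered by the list above")

def triage(inventory):
    """Map host -> 'AFFECTED' / 'fixed' / 'unknown' for a {host: version} dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "AFFECTED" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"
    return result

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    sample = {"vc-a": "8.0 U2c", "vc-b": "8.0 U1e", "vc-c": "7.0 U3q", "vc-d": "6.7 U3"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" run a branch the list does not cover and need to be checked against the vendor advisory directly.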
Vulnerability Impact: A malicious actor with network access to the vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet, which could lead to remote code execution. The “specially crafted network packet” is assumed to be that of the DCERPC protocol.
Exploitation Details: There are currently no details about the vulnerability outside of the advisory.
Patch Availability:
Detection with Censys:
- Search Exposure Query for all Censys-visible vCenter HTTP interfaces
- Search Exposure Query for all Censys-visible vCenter HTTP interfaces that also run DCE/RPC
- ASM Exposure Query for all Censys-visible vCenter HTTP interfaces
- ASM Exposure Query for all Censys-visible vCenter HTTP interfaces that also run DCE/RPC