Hello All,
Summary: VMware issued a security bulletin on June 18, 2024, to alert users about the discovery of several critical vulnerabilities in its products. These vulnerabilities impact the following products: VMware vCenter Server and VMware Cloud Foundation. They allow an attacker to execute arbitrary code remotely and elevate privileges by exploiting vulnerabilities in the DCERPC protocol implemented in these products.
List of Vulnerabilities (CVE):
- CVE-2024-37079 (CVSS 9.8)
- CVE-2024-37080 (CVSS 9.8)
- CVE-2024-37081 (CVSS 7.8)
Affected Systems and Versions:
- Cloud Foundation (vCenter Server) versions 4.x and 5.x without the KB88287 patch
- vCenter Server versions 7.0 prior to 7.0 U3r
- vCenter Server versions 8.0 prior to 8.0 U2d and 8.0 U1e
Solution: VMware provides several patches to mitigate these vulnerabilities. You can find all the patches via this link: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453, specifically in the “Response Matrix” section.
Documentation:
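
An added example (not part of the original post or of VMware's advisory) that triages an inventory of vCenter Server release labels against the fixed releases listed under "Affected Systems and Versions". It assumes labels are written as in the post ("8.0 U2c"); the function names and the sample inventory are constructed, and treating update lines newer than the listed ones as patched is an assumption. Cloud Foundation is not covered because its status depends on the KB88287 patch, not on a release label.

```python
import re

# First patched release per update line, as listed in the post:
# 7.0 U3r, 8.0 U1e, 8.0 U2d
FIXED = {("7.0", 3): "r", ("8.0", 1): "e", ("8.0", 2): "d"}

# Accepts "8.0", "7.0 U3", "8.0 U2d" (case-insensitive)
LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def parse_label(label):
    """Split a release label into (branch, update number, letter suffix)."""
    m = LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    update = int(m.group(2)) if m.group(2) else 0  # no "U" part means GA
    return m.group(1), update, (m.group(3) or "").lower()


def needs_patch(label):
    """True = below the fixed release, False = at or above it,
    None = branch not listed in the post (check the vendor matrix)."""
    branch, update, letter = parse_label(label)
    lines = {u: fix for (b, u), fix in FIXED.items() if b == branch}
    if not lines:
        return None
    if update in lines:
        # "" sorts before "a", so a plain "U3" is older than "U3r"
        return letter < lines[update]
    # Update line without its own fix: older lines are affected;
    # newer lines are assumed to already contain the fix.
    return update < max(lines)


def triage(inventory):
    """Map host name -> 'PATCH', 'ok' or 'unknown' for a {host: label} dict."""
    names = {True: "PATCH", False: "ok", None: "unknown"}
    return {host: names[needs_patch(label)] for host, label in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts
    sample = {"vc-lab": "8.0 U2c", "vc-prod": "8.0 U2d",
              "vc-dr": "7.0 U3q", "vc-old": "6.7 U3"}
    for host, status in triage(sample).items():
        print(f"{host:8} {sample[host]:8} {status}")
```

A result of `unknown` means the branch is not among those named in the post and has to be checked against the advisory's Response Matrix.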