Broadcom Issues Urgent Security Advisory for VMware vCenter Server and Cloud Foundation
Broadcom has released a critical security advisory concerning two vulnerabilities in VMware vCenter Server, the centralized management tool for virtual machines and hosts, and VMware Cloud Foundation, the private cloud infrastructure platform.
- CVE-2024-38812 is a heap-overflow vulnerability in VMware vCenter Server with a CVSSv3 score of 9.8. An attacker with network access to vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
- CVE-2024-38813 is a privilege escalation vulnerability in vCenter Server with a CVSSv3 score of 7.5. An attacker with network access to vCenter Server could exploit this vulnerability by sending a specially crafted network packet to escalate privileges to root.
Further information – https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.