A major VMware vCenter Server security bug is now being exploited, so patch now

News
By
published

Bug that was patched twice in recent months is now being abused

Malware worm
(Image credit: Shutterstock)
  • A VMware bug that grants Remote Code Execution abilities is being exploited in the wild
  • The bug was first spotted in September 2024, but the patch did not solve the problem
  • A second patch was released, and users are urged to apply now

Broadcom is warning two vulnerabilities plaguing its VMware vCenter Server product are being exploited in the wild by hackers.

Patches are available, and users are urged to apply them immediately, since there is no workaround. Furthermore, the vulnerabilities can be used to cause quite the damage to compromised networks.

In mid-September 2024, VMware released a security advisory, claiming to have patched two flaws in vCenter Server that could have granted threat actors remote code execution (RCE) abilities.

Confirmed exploitation

These flaws were tracked as CVE-2024-38812 and CVE-2024-38813.

The former affects vCenter 7.0.3, 8.9.2, and 8.0.3, as well as all versions of vSphere or VMware Cloud Foundation prior to the ones listed above. It was given a severity score of 9.8 (critical) since it can be exploited without user interaction, and since it grants RCE capabilities to a threat actor sending a custom-built network packet. The latter, on the other hand, is a 7.5-severity flaw, granting root privilege escalation.

Both vulnerabilities were first discovered by Team TZL at Tsinghua University, during the Matrix Cup Cyber Security Competition, held in China earlier this year.

However, it was soon announced that the patches did not properly work, since Broadcom issued a second patch in late October 2024. At that time, despite the bug being present for months, and having been patched twice, there was still no evidence of abuse in the wild.

However, that time has now come.

"Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813," Broadcom said earlier this week.

Unfortunately, at this time, we don’t know who is abusing these vulnerabilities, or against whom. However, BleepingComputer reminds that threat actors, including ransomware gangs and state-sponsored threat actors, often target VMware vCenter bugs.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Veeam backup software has a serious security flaw - here's how to stay safe
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
Digital image of a lock.
Fortinet flags some worrying security bugs coming back from the dead
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Daredevil standing in somebody's underground lair in Daredevil: Born Again season 1

Daredevil: Born Again is a fearless Disney+ revival of the best Netflix Marvel TV show that continues to restore my faith in the MCU
See more latest
Most Popular
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel
AI data center
Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases