Published on: 19 September 2024
Last update on: 23 October 2024
VMware has published a security advisory to address multiple vulnerabilities in VMware products. The details of patches can be found at:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Reports indicate that multiple vulnerabilities (CVE-2024-38812 and CVE-2024-38813) in VMware vCenter Server and Cloud Foundation are at high risk of exploitation. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Broadcom indicated that the previous patches for VMware vCenter Server and VMware Cloud Foundation released on 17 September 2024 did NOT completely address the remote code execution vulnerability (CVE-2024-38812), and additional patches that fully address the issue are now available. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Please note that older unsupported and End-Of-Life (EOL) versions, including but not limited to VMware vSphere 6.5 and 6.7, are also confirmed as vulnerable with no security updates provided. System administrators should arrange to upgrade the unsupported and EOL versions to supported versions or migrate to other supported technology.
For detailed information on the affected systems, please refer to the corresponding security advisory on the vendor's website.
Depending on the vulnerability being exploited, successful exploitation could lead to remote code execution or privilege escalation on the affected system.
Additional patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk.